Kubernetes manages access to the cluster via RBAC (Role-Based Access Control). By default, you have a token that belongs to a ServiceAccount with the cluster-admin role.

If you need to share access to the Kubernetes cluster with other users, it is recommended to create separate ServiceAccounts with the required Roles and RoleBindings. Such a flow helps to manage allowed actions manually (e.g. to create namespaces, deployments, services, ingresses, etc).

Note: Kubernetes RBAC system is not aligned with CirrusGrid accounts. Any user with SSH access to the master node can utilize the pre-configured kubectl tool with its cluster-admin role. Due to this specific, environment sharing over CirrusGrid PaaS functionality may expose sensitive information.

Powered by BetterDocs