
Cluster Roles

Cluster Roles let you define Kubernetes RBAC cluster roles that are synced to the specified clusters. These roles can then be assigned to individual Users or Teams within Loft by using Cluster Access objects.

Cluster Roles also support aggregation rules that allow combining multiple cluster roles into one using label selectors.

The vCluster Platform comes with some predefined cluster roles out of the box. You can use them within your own spaces or clusters. If none of them fits your needs, you can create your own Cluster Role by following the steps below.

Creating a Cluster Role

  1. Go to the Clusters view using the menu on the left.

  2. Click the Cluster Role option on the Clusters pane and then click on the button at the very right.

  3. In the drawer that appears from the right, give the role a name by replacing the 'my-role' placeholder name, or by updating the manifest YAML 'metadata.name' field.

  4. In the Rules configuration pane, specify the RBAC rule(s) for the current role in the 'RBAC Rules' tab. Alternatively, you can specify an aggregation rule for a cluster role of that type in the 'aggregation' tab. Finally, select the cluster in which you want the cluster role to be synced.

  5. In the Access configuration pane, select the User or Team that should have access to the underlying cluster role object from the User & Teams ... drop-down menu. Choose which actions they are allowed to perform on the object from the Permissions ... drop-down menu.

  6. Click on the button to create the role.
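
As an added illustration (not taken from the vCluster Platform documentation), the manifests below show what the RBAC rules and an aggregation rule look like as plain Kubernetes `rbac.authorization.k8s.io/v1` objects once they exist in a cluster. The role names and the `rbac.example.com/...` label are assumptions chosen for the example.

```yaml
# Aggregate role: the Kubernetes controller fills in its rules from every
# ClusterRole whose labels match the selector below.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: team-observer                      # hypothetical name
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rbac.example.com/aggregate-to-team-observer: "true"   # hypothetical label
rules: []   # managed by the controller; entries written here by hand are overwritten
---
# Contributing role 1: read-only access to common workload objects.
# Secrets are deliberately not listed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: team-observer-workloads            # hypothetical name
  labels:
    rbac.example.com/aggregate-to-team-observer: "true"
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets"]
    verbs: ["get", "list", "watch"]
---
# Contributing role 2: pod logs only, kept separate so it can be
# dropped from the aggregate by removing its label.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: team-observer-logs                 # hypothetical name
  labels:
    rbac.example.com/aggregate-to-team-observer: "true"
rules:
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
```

Because the aggregate role's permissions are the union of every matching role, anyone who can create or relabel cluster roles with the selector label can widen it, so write access to cluster roles should be as tightly held as the aggregate role itself.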