Manage Access to the Virtual Cluster
Access to a virtual cluster is automatically granted to the following users:
- Global Admins: They have access to all virtual clusters in the platform.
- Project Admins: They have access to all virtual clusters within the project.
- Virtual Cluster Owners: They have access to the specific virtual cluster.
- Users with Physical Cluster Permissions: Every user or team within the physical cluster that has the RBAC permission on the resource
virtualclusterinstancesin the API groupmanagement.loft.shfor the verbusecan access any virtual cluster.
In order to extend access to other users or teams, you can edit the permissions for the virtual cluster.
How does access within a virtual cluster work?
Each virtual cluster has a default cluster role when adding a user or team to give them access to the virtual cluster. The default cluster role is cluster-admin. The default cluster role can be changed in the virtual cluster template or on the virtual cluster object.
Besides the default rule you can define extra rules on the virtual cluster or template that map a user or team to another cluster role. As soon as one rule matches a user or team, the default cluster role is not assigned. If multiple rules match a user, all the cluster roles defined in the rules are assigned.
Grant Access to a virtual cluster
From the project drop-down menu (top left corner), select the project to find your virtual cluster.
Click on Virtual Clusters.
Click on Edit on the virtual cluster that you want to edit.
Click on the Permissions.
Click the Add Permission to" input and select the user or team to add. If you don't see the user or team you want to grant access in there, confirm that they have project access.
Specify the Cluster Role you want to assign the user or team.
Once all virtual options have been specified, click the .