Skip to main content
Skip table of contents

Onboarding Users onto a DKP Cluster

After you install DKP and create a cluster, use this procedure to add new users to your environment.

Prerequisites

  • A Valid DKP License (Essential or Enterprise)

  • A running Cluster

Onboarding a New User to a DKP Cluster

This procedure assumes you are using a LDAP Connector and that you are a Cluster Admin.
For information on how you add users using other types of connectors, refer to the following pages:

  1. Create an LDAP Connector definition and name it ldap.yaml. An example is shown below:

    CODE 
    apiVersion: v1
kind: Secret
metadata:
  name: ldap-password
  namespace: kommander
type: Opaque
stringData:
  password: superSecret
---
apiVersion: dex.mesosphere.io/v1alpha1
kind: Connector
metadata:
  name: ldap
  namespace: kommander
spec:
  enabled: true
  type: ldap
  displayName: LDAP Test Connector
  ldap:
    host: ldapdce.testdomain
    insecureNoSSL: true
    bindDN: cn=ldapconnector,cn=testgroup,ou=testorg,dc=testdomain
    bindSecretRef:
      name: ldap-password
    userSearch:
      baseDN: dc=testdomain
      filter: "(objectClass=inetOrgPerson)"
      username: uid
      idAttr: uid
      emailAttr: uid
    groupSearch:
      baseDN: ou=testorg,dc=testdomain
      filter: "(objectClass=posixGroup)"
      userMatchers:
      - userAttr: uid
        groupAttr: memberUid
      nameAttr: cn

  2. Add the connector using the following command:

    CODE 
    kubectl apply -f ldap.yaml

    1. The output should look similar to the following:

      CODE 
      secret/ldap-password created
connector.dex.mesosphere.io/ldap created

  3. Add the appropriate role bindings and name the file new_user.yaml. Examples for both Single User and Group Bindings are shown below:

    • For Single Users:

      CODE 
      apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: newUser

    • Group Binding

      CODE 
      apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cluster-admin
  namespace: ml 
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin 
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: oidc:kommanderAdmins

  4. Add the role binding(s) using the following command:

    CODE 
    kubectl apply -f new_user.yaml

ClusterRoleBindings permissions are applicable on a global level.
RoleBindings permissions are applicable on a namespace level.

This procedure assumes that the user being added is an admin.

For additional information about the other roles in DKP and their permissions, refer to Granting Access to Kubernetes and Kommander Resources

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close