Before you begin
This procedure requires the following configurations and background:
- A Konvoy cluster with Kommander installed.
- An Identity Provider. This tutorial uses GitHub’s identity provider.
- A configured group in Kommander.
- At least one user in that group.
Access a cluster
If your group can access a cluster managed by Kommander, you can connect to that cluster from the Kommander landing page.
In this example, the Kommander cluster has two managed clusters on Azure but, as a user, you can only access the management cluster.
- Go to the landing page, provided by an administrator, and select Generate kubectl Token.
- Select the cluster you want to log into.
- As a user having access to the management cluster, select the
Maincluster and log in using an identity provider.
kubectlto the cluster using the interface instructions.
kubectl can now communicate with the cluster.
Depending on your rights, you can view and edit different api-resources.
Switch from a cluster to another cluster
To log in to another cluster that is part of your Kommander infrastructure, use the Access a cluster procedure again for the other cluster.
Messages when attached to a cluster that you do not have access
The Access a Cluster instructions work for any clusters (management and attached ones) even if you do not have access to them.
The difference is that, once you have attached the cluster, none of the
kubectl commands will succeed as the user does not have access:
$ kubectl get pods -A Error from server (Forbidden): pods is forbidden: User "firstname.lastname@example.org" cannot list resource "pods" in API group "" at the cluster scope