Before you begin
This procedure requires the following configurations and background:
- A Konvoy cluster with Kommander installed.
- A configured Identity Provider.
- Some familiarity with Kubernetes role-based access control principles.
- A configured group in Kommander.
Give access to a certain group
You can give access for a group to certain objects by creating policies that bind that group to a role. You can use roles available by default such as View Role or create custom fine-grained roles fitting your use-cases.
You can use the Kommander UI or the
kubectl CLI to create policies, as explained in the role-based access control configuration tutorial. This tutorial explains you how to offer a certain access to a given group.
Add and remove a member to a group
Everything related to members happens in the Identity Providers section of Kommander.
You can add members in a group while creating a group and edit the members in the group later.
Use the cross at the right of the member name to remove a member from a group. You can list the groups in the
Identity Providers section to access and edit list members.
Once a member is part of a group, you can login to the clusters targeted by the group’s roles using the user’s credentials. This requires using the right Identity Provider (GitHub, LDAP, or a configured OIDC provider).