Kubernetes

Installing the connector

Install the connector via helm:

In order to add connectors to Infra, you will need to set three pieces of information:

  • connector.config.name is a name you give to identify this cluster
  • connector.config.server is the hostname or IP address the connector will use to communicate with the Infra server.
  • connector.config.accessKey is the access key the connector will use to communicate with the server.

First, generate an access key:

infra keys add KEY_NAME connector

Next, use this access key to connect your cluster:

helm upgrade --install infra-connector infrahq/infra \
    --set connector.config.server=INFRA_URL \
    --set connector.config.accessKey=ACCESS_KEY \
    --set connector.config.name=example-name \
    --set connector.config.skipTLSVerify=true # only include if you have not yet configured certificates

Granting access

Once you've connected a cluster, you can grant access via infra grants add:

# grant access to a user
infra grants add [email protected] example --role admin

# grant access to a group
infra grants add -g engineering example --role view

Roles

RoleAccess level
cluster-adminGrants access to any resource
adminGrants access to most resources, including roles and role bindings, but does not grant access to cluster-level resources such as cluster roles or cluster role bindings
editGrants access to most resources in the namespace but does not grant access to roles or role bindings
viewGrants access to read most resources in the namespace but does not grant write access nor does it grant read access to secrets

Example: Grant user [email protected] the view role to a cluster

This command will grant the user [email protected] read-only access into a cluster, giving that user the privileges to query Kubernetes resources but not modify any resources.

infra grants add [email protected] cluster --role view

Example: Grant user [email protected] the admin role to a namespace

This command will grant the user [email protected] admin access into a namespace, giving that user the privileges to create, update, and delete any resource so long as the resources they’re modifying exist in the namespace.

infra grants add [email protected] cluster.namespace --role admin

Example: Revoke from the user [email protected] the admin role to a namespace

This command will remove the admin role, granted in the previous example, from [email protected].

infra grants remove [email protected] cluster.namespace --role cluster-admin

Additional Information


Sign up for product & API updates

You can unsubscribe at any time.