Kubernetes
Installing the connector
Install the connector via helm:
In order to add connectors to Infra, you will need to set three pieces of information:
connector.config.nameis a name you give to identify this clusterconnector.config.serveris the hostname or IP address the connector will use to communicate with the Infra server.connector.config.accessKeyis the access key the connector will use to communicate with the server.
First, generate an access key:
infra keys add KEY_NAME connector
Next, use this access key to connect your cluster:
helm upgrade --install infra-connector infrahq/infra \
--set connector.config.server=INFRA_URL \
--set connector.config.accessKey=ACCESS_KEY \
--set connector.config.name=example-name \
--set connector.config.skipTLSVerify=true # only include if you have not yet configured certificates
Granting access
Once you've connected a cluster, you can grant access via infra grants add:
# grant access to a user
infra grants add [email protected] example --role admin
# grant access to a group
infra grants add -g engineering example --role view
Roles
| Role | Access level |
|---|---|
| cluster-admin | Grants access to any resource |
| admin | Grants access to most resources, including roles and role bindings, but does not grant access to cluster-level resources such as cluster roles or cluster role bindings |
| edit | Grants access to most resources in the namespace but does not grant access to roles or role bindings |
| view | Grants access to read most resources in the namespace but does not grant write access nor does it grant read access to secrets |
Example: Grant user [email protected] the view role to a cluster
This command will grant the user [email protected] read-only access into a cluster, giving that user the privileges to query Kubernetes resources but not modify any resources.
infra grants add [email protected] cluster --role view
Example: Grant user [email protected] the admin role to a namespace
This command will grant the user [email protected] admin access into a namespace, giving that user the privileges to create, update, and delete any resource so long as the resources they’re modifying exist in the namespace.
infra grants add [email protected] cluster.namespace --role admin
Example: Revoke from the user [email protected] the admin role to a namespace
This command will remove the admin role, granted in the previous example, from [email protected].
infra grants remove [email protected] cluster.namespace --role cluster-admin