Working with Roles

Roles are granted to users in Infra to give that user a certain level of access to a cluster or namespace. Learn more about Granting Roles to Users.

Roles supported by a connector are defined only in the context of the connected cluster. Infra supports the following roles by default:

RoleAccess level
cluster-adminGrants access to any resource
adminGrants access to most resources, including roles and role bindings, but does not grant access to cluster-level resources such as cluster roles or cluster role bindings
editGrants access to most resources in the namespace but does not grant access to roles or role bindings
viewGrants access to read most resources in the namespace but does not grant write access nor does it grant read access to secrets
logsGrants access to pod logs
execGrants access to kubectl exec
port-forwardGrants access to kubectl port-forward

Custom Kubernetes Roles

If the provided roles are not sufficient, additional roles can be configured to integrate with Infra. To add a new role, create a ClusterRole in a connected cluster with label app.infrahq.com/include-role=true.

kubectl create clusterrole example --verb=get --resource=pods
kubectl label clusterrole/example app.infrahq.com/include-role=true

Additional Information


Subscribe to updates

You can unsubscribe at any time.