Unable to assign pks.clusters.manage privilege to Users/Group for an existing cluster

Article ID: 330617


Products

VMware Cloud PKS

Issue/Introduction

Symptoms:
  • Users or groups that have the pks.clusters.manage privilege can't view, access, or manage other PKS clusters.

  • You would like to assign the pks.clusters.manage privilege to a user for PKS clusters created by another user or group.



Environment

VMware PKS 1.x

Cause

By default, if the pks.clusters.manage role is assigned to a user or group, they can create and manage their own clusters, but they can't view or manage clusters created by other users or groups.

Consider a use case with two teams. Team A, with the pks.clusters.manage role, creates cluster1 and cluster2. Team B, with the same pks.clusters.manage role, creates cluster3 and also wants to access and manage cluster2, which it does not have access to.

Resolution

This is expected behavior in VMware Enterprise PKS. However, we have raised a Feature Request to allow roles to be granted at the cluster level to other users as well.

Note: This limitation applies only to PKS-level cluster access. Access to the Kubernetes cluster itself with kubectl is still possible through RBAC.
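
The RBAC route mentioned in the note, applied to the Team A / Team B use case above, as an added example that is not part of the original article. It assumes a Team A administrator applies it on cluster2 and that Team B members already authenticate to cluster2 with their own identity; the group name `team-b`, the namespace `shared-apps` and the binding names are placeholders.

```yaml
# Constructed example: apply on cluster2 with credentials that already
# have admin rights there (Team A), e.g. kubectl apply -f team-b-access.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: shared-apps            # placeholder namespace Team B will work in
---
# Namespace-scoped write access: Team B can manage workloads in
# shared-apps only, and cannot change RBAC objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-b-edit            # placeholder binding name
  namespace: shared-apps
subjects:
  - kind: Group
    # Placeholder. Must match the group name exactly as the API server
    # receives it from the identity provider, including any prefix.
    name: team-b
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit                   # built-in Kubernetes user-facing role
  apiGroup: rbac.authorization.k8s.io
---
# Optional: read-only visibility across all namespaces of cluster2.
# Omit this binding if Team B should see nothing outside shared-apps.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: team-b-view            # placeholder binding name
subjects:
  - kind: Group
    name: team-b               # same placeholder group as above
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view                   # built-in read-only role
  apiGroup: rbac.authorization.k8s.io
```

The Team A administrator can check the result before handing over access with `kubectl auth can-i create deployments --namespace shared-apps --as=placeholder-user --as-group=team-b`, which should answer `yes`, while the same check against another namespace should answer `no`.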