Hi all, currently I’m running as IT administrator in my company.
I have these requirements regarding k8s:
• Have to separate namespaces for each department
• Don’t allow users / tenants to see or run queries against master nodes, for example kubectl get nodes - should hide the master
Any thoughts on how to do this, especially no. 2? Tried many things but they don’t work. Thanks
You just use standard RBAC here. Tenant users should only have Roles which grant permission to things in their namespace. A node is not a namespaced resource.
Thanks for no. 1. But yes, I’m having trouble with no. 2. I’m thinking about changing the source code, but that will be much effort
You don’t want them to run commands against nodes like kubectl get nodes
then don’t grant them permission to non-Namespaced resources like nodes.
This is all standard RBAC built into Kubernetes.
And why are you responding from two different accounts?
Because my department is responsible for the Kubernetes infra and the others are only using it.
Noted for this. Let me check this one. Thanks for the answer
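The RBAC setup recommended in the thread, written out as an added example (not posted by any participant): one namespace per department, with a namespaced Role and RoleBinding and no cluster-scoped grant. The names dept-finance, tenant-edit and finance-users are placeholders, and the resource list is an assumption about what tenants need.

```yaml
# Constructed example: all names below are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: dept-finance
---
# A Role is namespaced, so it can only grant access to objects inside
# dept-finance. Nodes are cluster-scoped and cannot be granted by a Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tenant-edit
  namespace: dept-finance
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the Role to the department's group with a RoleBinding only.
# Do not add a ClusterRoleBinding for this group: that is what would
# expose cluster-scoped resources such as nodes.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tenant-edit-binding
  namespace: dept-finance
subjects:
  - kind: Group
    name: finance-users
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: tenant-edit
  apiGroup: rbac.authorization.k8s.io
```

To check the result as an administrator, `kubectl auth can-i list nodes --as=some-user --as-group=finance-users` should answer `no`, while `kubectl auth can-i list pods -n dept-finance --as=some-user --as-group=finance-users` should answer `yes`. If the first check answers `yes`, look for an existing ClusterRoleBinding that covers the group or `system:authenticated`.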