Overview
Kfuse supports RBAC by enforcing access/permission (authorization) on ALL resources based on the logged-in user’s role. Kfuse enforces this access on both workflows/operations (like creating alerts or saving metrics from logs) and the data (all telemetry collected from various sources). Authentication of the logged-in user is derived from the IAM solution (Okta, Google Auth, etc.) integrated and configured to be used with Kfuse.
Configuration
Configure Kfuse to implement RBAC in your deployment. Copy the following code into your <custom_values.yaml> file and make edits as necessary. Please look through the comments for example and. To learn more, review the concepts.
...
The Kloudfuse platform has the following roles and capabilities.
Capabilities | (UM) User management (add UserConfig) | R/W (Kfuse) | R/W (grafana**) | Read |
---|---|---|---|---|
Admin | Yes | Yes | Yes | Yes |
Editor | No | Yes | Yes | Yes |
Viewer | No | No | No | Yes |
** Only for users with the admin role
...
Kloudfuse can be configured with "groups" that have an assigned "rbac_policy" (role and the associated view/scope); together they define the "rbac_configuration" of the system. To configure the system correctly, please go through the following definitions.
Scope
A scope defines what data a given user has access to. The Kloudfuse platform has the following inbuilt (reserved) access types.
...