You must configure kfuse to implement RBAC in your deployment. Copy the following code in your <custom_values.yaml>
file and make edits as necessary.
The following sections outline the basic steps and provide examples on how to configure various components of RBAC.
To review general concepts, see Role-Based Access Control (RBAC).
Enable RBAC
The default RBAC policy is a fully-enabled RBAC, with full access.
To enable RBAC, add the following code to the <custom_values.yaml>
file:
RBACEnabled: true
Default User Role
The default user role for new users in Kloudfuse is Editor.
rbacDefaultUserRole: Editor
Admins can change this setting in the UI for individual users. See Assign Roles.
To change the default assignment for new users to Viewer, use rbacDefaultUserRole: Viewer
in the values.yaml
file instead.
Default Policy
Users who do not have a Policy assigned through the UI get a default level of access, depending on their Role:
Admins
default_rbac_policy: rbac_allow_all
Editors
default_rbac_policy: rbac_allow_all
Viewers
default_rbac_policy: rbac_allow_all
To change the default policy for the various roles, change the default_rbac_policy
in the values.yaml
file.
See Change a Policy to set the policy in the UI.