Manage Permissions
Kubernetes clusters can be accessed by multiple users, and you can assign permissions per specific API or namespace to define access scope. By applying Kubernetes’ role-based access control (RBAC) feature, you can set permissions per cluster or namespace. You can create and manage cluster roles, cluster role bindings, roles, and role bindings.
ClusterRole, ClusterRoleBinding, Role, and RoleBinding services are set by default to the cluster (namespace) selected when creating the service. Even if you select other items in the list, the default cluster (namespace) setting is retained.
- To select a different cluster (namespace), click the gear button on the right side of the list. In the Cluster/Namespace Settings popup, select the cluster and namespace to change and click the Confirm button. You can view the services created in the selected cluster/namespace.
- The RBAC API declares the following four types of Kubernetes objects.
  - Role
  - ClusterRole
  - RoleBinding
  - ClusterRoleBinding
- For a detailed explanation of RBAC and how to modify it, refer to the Kubernetes authentication and authorization documentation. (https://kubernetes.io/docs/reference/access-authn-authz/authentication/)
Managing Cluster Role
You can set and manage access permissions on a per-cluster basis. You can also set permissions for APIs or resources that are not limited to a namespace.
Create Cluster Role
To create a cluster role, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- Click Cluster Role under the Permissions menu on the Service Home page. Go to the Cluster Role List page.
- On the Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
- In the Object Creation Popup, enter the object information and click the Confirm button.
Check detailed information of cluster role
To view detailed information about the cluster role, follow these steps.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- Click Cluster Role under the Permissions menu on the Service Home page. Go to the Cluster Role List page.
- On the Cluster Role List page, select the cluster and namespace from the top left gear button, then click Confirm.
- On the Cluster Role List page, select the item you want to view detailed information for. You will be taken to the Cluster Role Details page.
- If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
- Click each tab to view service information.
Category: Detailed description
- Delete Cluster Role: Delete the cluster role.
- Detailed Information: Check the detailed information of the ClusterRole.
- YAML: The cluster role’s resource file can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Save button to apply changes.
  - When editing content, click the Diff button to view the changes.
- Event: Check events that occurred within the cluster role.
- Account Information: Check basic information about the Account, such as Account name, location, and creation date.
- Metadata Information: Check the metadata information of the cluster role.
- Policy Rule Information: View the policy rule information of the ClusterRole.
  - Resources: List of resources to which the rule applies.
  - Non-Resource URLs: The set of partial URLs that the user needs to access.
    - * is allowed, but only as the final segment of the path.
    - Since non-resource URLs are not namespaced, this field only applies to ClusterRoles referenced by a ClusterRoleBinding.
    - A rule can apply to API resources (e.g., “pods” or “secrets”) or non-resource URL paths (e.g., “/api”), but not both.
  - Resource Names: An optional whitelist of names the rule applies to. An empty set means everything is allowed.
  - Verbs: The API verbs used in resource requests, such as get, list, create, update, patch, watch, delete, deletecollection.
    - For more details, refer to the Kubernetes official documentation > API Verbs.
Table. Cluster role detailed information items
Delete ClusterRole
To delete the cluster role, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- On the Service Home page, click Cluster Role under the Permissions menu. You will be taken to the Cluster Role List page.
- On the Cluster Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
- On the Cluster Role List page, select the item you want to delete. You will be taken to the Cluster Role Details page.
- Click Delete Cluster Role on the Cluster Role Details page.
- When the alert confirmation window appears, click the Confirm button.
Managing ClusterRoleBinding
You can create and manage a cluster role binding by connecting a cluster role with a specific target.
Create Cluster Role Binding
To create a cluster role binding, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- On the Service Home page, click ClusterRoleBinding under the Permissions menu. You will be taken to the ClusterRoleBinding list page.
- On the Cluster Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
- In the Object Creation Popup, enter the object information and click the Confirm button.
Check detailed information of ClusterRoleBinding
To check the detailed information of cluster role binding, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- On the Service Home page, click ClusterRoleBinding under the Permissions menu. You will be taken to the ClusterRoleBinding List page.
- On the Cluster Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
- On the Cluster Role Binding List page, select the item you want to view detailed information for. You will be taken to the Cluster Role Binding Details page.
- If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
- Click each tab to view service information.
Category: Detailed description
- Delete Cluster Role Binding: Delete the cluster role binding.
- Detailed Information: Check the detailed information of the cluster role binding.
- YAML: The resource file of the ClusterRoleBinding can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Save button to apply changes.
  - When editing content, click the Diff button to view the changed content.
- Event: Check events that occurred within the ClusterRoleBinding.
- Account Information: Check basic information about the Account, such as Account name, location, and creation date.
- Metadata Information: Check the metadata information of the cluster role binding.
- Role/Target Information: Check the role and target information of the cluster role.
Table. Cluster Role Binding Detailed Information Items
Delete Cluster Role Binding
To delete the cluster role binding, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- Click ClusterRoleBinding under the Permissions menu on the Service Home page. You will be taken to the ClusterRoleBinding List page.
- On the Cluster Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
- On the Cluster Role Binding List page, select the item you want to delete. You will be taken to the Cluster Role Binding Details page.
- Click Delete Cluster Role Binding on the Cluster Role Binding Details page.
- When the notification confirmation window appears, click the Confirm button.
Manage Role
A role refers to a rule that specifies permissions for a specific API or resource. You can create and manage permissions that can only access the namespace to which the role belongs.
Create Role
To create a role, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- Click Role under the Permissions menu on the Service Home page. You will be taken to the Role List page.
- On the Role List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
- In the Object Creation Popup, enter the object information and click the Confirm button.
Check role detailed information
To check detailed role information, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- On the Service Home page, click Role under the Permissions menu. You will be taken to the Role List page.
- On the Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
- Select the item you want to view detailed information for on the Role List page. You will be taken to the Role Details page.
- If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
- Click each tab to view service information.
Category: Detailed description
- Delete Role: Delete the role.
- Detailed Information: Check the detailed information of the role.
- YAML: The role’s resource file can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Save button to apply changes.
  - When editing content, click the Diff button to view the changed content.
- Event: Check events that occurred within the role.
- Account Information: Check basic information about the Account, such as Account name, location, and creation date.
- Metadata Information: Check the metadata information of the role.
- Policy Rule Information: View the policy rule information of the role.
  - Resources: List of resources to which the rule applies.
  - Non-Resource URLs: The set of partial URLs the user must access.
    - * is allowed, but only as the final segment of the path.
    - Non-resource URLs are not namespaced, so this field only applies to ClusterRoles referenced by a ClusterRoleBinding.
    - Rules can apply to API resources (e.g., “pods” or “secrets”) or non-resource URL paths (e.g., “/api”), but not both.
  - Resource Names: An optional whitelist of names the rule applies to. An empty set means everything is allowed.
  - Verbs: The API verbs used in resource requests, such as get, list, create, update, patch, watch, delete, deletecollection.
    - For more details, refer to the Kubernetes official documentation > API Verbs.
Table. Role detailed information items
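The policy rule constraints listed in the ClusterRole and Role tables above can be checked before a rule is saved in the YAML editor. The following Python lint is an added example, not part of the original documentation or the platform's code; the sample objects and their names are constructed, and the wildcard check reflects this example's reading of "final segment".

```python
# Added example: lint RBAC policy rules against the constraints in the
# Policy Rule Information tables. All objects below are constructed samples.

def lint_rule(rule, namespaced):
    """Return findings for one policy rule (a dict shaped like a YAML `rules` entry)."""
    findings = []
    resources = rule.get("resources") or []
    urls = rule.get("nonResourceURLs") or []
    names = rule.get("resourceNames") or []
    verbs = rule.get("verbs") or []
    if resources and urls:
        findings.append("rule mixes resources and nonResourceURLs")
    if urls and namespaced:
        findings.append("nonResourceURLs only apply to ClusterRoles")
    for url in urls:
        # Assumption: "final segment" means "*" alone or a single trailing "/*".
        ok = url == "*" or (url.endswith("/*") and url.count("*") == 1)
        if "*" in url and not ok:
            findings.append(f"wildcard not in final segment: {url}")
    if resources and not names and ("*" in verbs or "*" in resources):
        findings.append("wildcard with empty resourceNames applies to every name")
    return findings

def lint_object(obj):
    """Lint each rule of a Role or ClusterRole; returns {rule index: findings}."""
    namespaced = obj["kind"] == "Role"
    report = {}
    for index, rule in enumerate(obj.get("rules") or []):
        findings = lint_rule(rule, namespaced)
        if findings:
            report[index] = findings
    return report

# Hypothetical ClusterRole: rule 0 is clean, rules 1-3 each break one constraint.
CLUSTER_ROLE = {"kind": "ClusterRole", "metadata": {"name": "metrics-reader"}, "rules": [
    {"nonResourceURLs": ["/metrics", "/healthz/*"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["pods"], "nonResourceURLs": ["/api"], "verbs": ["get"]},
    {"nonResourceURLs": ["/api/*/status"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
]}
# Hypothetical namespaced Role: rule 1 uses a field that only works in a ClusterRole.
ROLE = {"kind": "Role", "metadata": {"name": "cm-reader", "namespace": "demo"}, "rules": [
    {"apiGroups": [""], "resources": ["configmaps"], "resourceNames": ["app-config"],
     "verbs": ["get", "watch"]},
    {"nonResourceURLs": ["/healthz"], "verbs": ["get"]},
]}

if __name__ == "__main__":
    for obj in (CLUSTER_ROLE, ROLE):
        print(obj["kind"], obj["metadata"]["name"], lint_object(obj))
```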
Delete role
To delete the role, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- Click Role under the Permissions menu on the Service Home page. You will be taken to the Role List page.
- On the Role List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
- Select the item you want to delete on the Role List page. Navigate to the Role Details page.
- Click Delete Role on the Role Details page.
- When the alert confirmation window appears, click the Confirm button.
Manage Role Binding
You can connect a role with a specific target to create and manage role bindings.
Create Role Binding
To create a role binding, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- On the Service Home page, click Role Binding under the Permissions menu. You will be taken to the Role Binding List page.
- On the Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Create Object.
- In the Object Creation Popup, enter the object information and click the Confirm button.
Check Role Binding Detailed Information
To check the detailed role binding information, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- Click Role Binding under the Permissions menu on the Service Home page. Navigate to the Role Binding List page.
- On the Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
- On the Role Binding List page, select the item you want to view detailed information for. You will be taken to the Role Binding Details page.
- If you select Show System Objects at the top of the list, items other than the Kubernetes object entries will be displayed.
- Click each tab to view service information.
Category: Detailed description
- Delete Role Binding: Delete the role binding.
- Detailed Information: Check the detailed information of the role binding.
- YAML: The role binding’s resource file can be edited in the YAML editor.
  - Click the Edit button, modify the resource, then click the Save button to apply changes.
  - When editing content, click the Diff button to view the changed content.
- Event: Check events that occurred within the role binding.
- Account Information: Check basic information about the Account, such as Account name, location, and creation date.
- Metadata Information: Check the metadata information of the role binding.
- Role/Target Information: Check the role and target information.
Table. Role Binding Detailed Information Items
Delete Role Binding
To delete the role binding, follow the steps below.
- Click the All Services > Container > Kubernetes Engine menu. Navigate to the Service Home page of Kubernetes Engine.
- Click Role Binding under the Permissions menu on the Service Home page. Navigate to the Role Binding List page.
- On the Role Binding List page, select the cluster and namespace from the gear button at the top left, then click Confirm.
- On the Role Binding List page, select the item you want to delete. You will be taken to the Role Binding Details page.
- Click Delete Role Binding on the Role Binding Details page.
- When the alert confirmation window appears, click the Confirm button.