I am attempting to grant a set of users access to ...
# kubernetesc
cuddly-gpu-29860
03/17/2025, 3:53 PMI am attempting to grant a set of users access to be able to view workloads across our various k8s clusters. We manage our users via AzureAD auth provider and currently have non-prod & prod read only groups that are "standard users" with "use catalogs" and "view rancher metrics" however they are unable to see the workloads drop down. What is the correct way to grant access to these groups to allow them to see workloads on every cluster - we currently do not leverage projects completely and it is the only place in the docs I see workloads mentioned under the Project Role Reference.
cuddly-gpu-29860
03/17/2025, 6:25 PMSolved: In case someone comes across the same issue.
The Cluster Member role does not have the correct permissions to view Workloads so the Cluster Viewer role needs to be assigned. (Note: this needs to be completed for each individual cluster)
1. Navigate to the cluster in question
2. Select the Cluster drop down
3. Select Cluster Members
4. Select Add
5. Select the Member/Group
6. Select the Cluster Permissions -> Cluster Viewer
r
rough-car-51457
04/03/2025, 9:23 AMwe recently did the same. We have a kyverno policy in place that auto-adds namespaces to the correct project (based on namespace name). The namespace-to-project link is just a namespace annotation, so its easily added with Kyverno a ClusterPolicy. Then we could provision project-level access for users based on Entra ID group membership
3 Views