Skip to main content

Configuring Cluster Permissions

Before you can install AtScale, you must enable and configure RBAC authorization on your Kubernetes cluster.

Prerequisites

This procedure assumes the following:

Configuring permissions for your cluster

Use kubectl to set the following permissions on your cluster.

Kind: ClusterRole

API GroupsResourcesVerbs
rbac.authorization.k8s.ioclusterroles, clusterrolebindings, roles, rolebindingsget
apiextensions.k8s.iocustomresourcedefinitionscreate, get
networking.k8s.ioingressclassescreate, get
admissionregistration.k8s.iovalidatingwebhookconfigurationsget, patch
nginxconfigmaps, pods, leases, endpoints, secretsget, list, watch
nginxingresses, servicesget, list, update, watch

Kind: Role

API GroupsResourcesVerbs
Core API grouppersistentvolumeclaims, serviceaccounts, secrets, servicescreate, update, get, list, patch
Core API grouppodscreate, get
Core API groupconfigmapscreate, update, list, get, watch, patch, delete
coordination.k8s.ioconfigmaps, leasesget, update, list, watch, create, patch, delete
Core API groupleasesget, update, list, watch, create, patch, delete
Core API groupeventscreate, patch
Core API groupnamespacesget
batchjobscreate, delete, list, watch
appsstatefulsets, deployments, daemonsetscreate, get, patch
autoscalinghorizontalpodautoscalerscreate, get
networking.k8s.ioingresses, networkpoliciescreate, get, patch
policypoddisruptionbudgetscreate, get, patch
admissionregistration.k8s.iovalidatingwebhookconfigurationscreate
rbac.authorization.k8s.ioroles, rolebindingscreate
nginxconfigmaps, pods, leases, endpoints, secretsget, list, watch
nginxingresses, servicesget, list, update, watch