Configuring Cluster Permissions
Before you can install AtScale, you must enable and configure RBAC authorization on your Kubernetes cluster.
Prerequisites
This procedure assumes the following:
- You have a Kubernetes cluster that meets the requirements described in System Requirements.
- You have enabled RBAC authorization as described in the Kubernetes documentation.
Configuring permissions for your cluster
Use kubectl
to set the following permissions on your cluster.
Kind: ClusterRole
API Groups | Resources | Verbs |
---|---|---|
rbac.authorization.k8s.io | clusterroles, clusterrolebindings, roles, rolebindings | get |
apiextensions.k8s.io | customresourcedefinitions | create, get |
networking.k8s.io | ingressclasses | create, get |
admissionregistration.k8s.io | validatingwebhookconfigurations | get, patch |
nginx | configmaps, pods, leases, endpoints, secrets | get, list, watch |
nginx | ingresses, services | get, list, update, watch |
Kind: Role
API Groups | Resources | Verbs |
---|---|---|
Core API group | persistentvolumeclaims, serviceaccounts, secrets, services | create, update, get, list, patch |
Core API group | pods | create, get |
Core API group | configmaps | create, update, list, get, watch, patch, delete |
coordination.k8s.io | configmaps, leases | get, update, list, watch, create, patch, delete |
Core API group | leases | get, update, list, watch, create, patch, delete |
Core API group | events | create, patch |
Core API group | namespaces | get |
batch | jobs | create, delete, list, watch |
apps | statefulsets, deployments, daemonsets | create, get, patch |
autoscaling | horizontalpodautoscalers | create, get |
networking.k8s.io | ingresses, networkpolicies | create, get, patch |
policy | poddisruptionbudgets | create, get, patch |
admissionregistration.k8s.io | validatingwebhookconfigurations | create |
rbac.authorization.k8s.io | roles, rolebindings | create |
nginx | configmaps, pods, leases, endpoints, secrets | get, list, watch |
nginx | ingresses, services | get, list, update, watch |