Privileges Required to Use Kubernetes Connector
To use the Kubernetes Connector, you need one of the following:
scheduler-administrator
orredwood-administrator
role.scheduler-user
orredwood-login
role in combination with the following system-wide, Partition-wide or object-level privileges.
Built-in Roles
- The
scheduler-administrator
orredwood-administrator
built-in role provides full control over the Kubernetes Connector. - The
scheduler-viewer
built-in role provides read-only access to the Kubernetes Connector.
Creating, Modifying, and Deleting Kubernetes Connections
You need all of the following privilege ranks to be able to create, modify, and delete Kubernetes objects:
- View or any other rank - on the GLOBAL.Redwood.REDWOOD.Kubernetes Application.
- View or any other rank - on the REDWOOD.Redwood_KubernetesConnectionConstraint constraint.
- View or any other rank - on the REDWOOD.Redwood_KubernetesNamespaceConstraint constraint.
- View or any other rank - on the REDWOOD.Redwood_KubernetesConnection Extension Point.
- View or any other rank - on the Redwood_Connections Extension Point.
- View or any other rank - on the existing Job Server and Queue for the connection, if applicable.
- Create - on Job Server and Queue, if these need to be created.
- Edit - on KBSConnection if you want to be able to manage all Kubernetes connections.
Using Kubernetes
- View or any other rank - on the GLOBAL.Redwood.REDWOOD.Kubernetes Application.
- View or any other rank - on the REDWOOD.Redwood_KubernetesConnectionConstraint constraint.
- View or any other rank - on the REDWOOD.Redwood_KubernetesNamespaceConstraint constraint.
- View or any other rank - on the REDWOOD.Redwood_KubernetesConnection Extension Point.
- View - on KBSConnection.
- View - on the component's Job Server.
- JobAdministrator - on the component's Queue.
- View - on REDWOOD.Redwood_Kubernetes library.
- Run - on Job Definitions you wish to use.