Privileges Required to Use Kubernetes Connector

To use the Kubernetes Connector, you need one of the following:

  • scheduler-administrator or redwood-administrator role.
  • scheduler-user or redwood-login role in combination with the following system-wide, Partition-wide or object-level privileges.

Built-in Roles

  • The scheduler-administrator or redwood-administrator built-in role provides full control over the Kubernetes Connector.
  • The scheduler-viewer built-in role provides read-only access to the Kubernetes Connector.

Creating, Modifying, and Deleting Kubernetes Connections

You need all of the following privilege ranks to be able to create, modify, and delete Kubernetes objects:

  • View or any other rank - on the GLOBAL.Redwood.REDWOOD.Kubernetes Application.
  • View or any other rank - on the REDWOOD.Redwood_KubernetesConnectionConstraint constraint.
  • View or any other rank - on the REDWOOD.Redwood_KubernetesNamespaceConstraint constraint.
  • View or any other rank - on the REDWOOD.Redwood_KubernetesConnection Extension Point.
  • View or any other rank - on the Redwood_Connections Extension Point.
  • View or any other rank - on the existing Job Server and Queue for the connection, if applicable.
  • Create - on Job Server and Queue, if these need to be created.
  • Edit - on KBSConnection if you want to be able to manage all Kubernetes connections.

Using Kubernetes

  • View or any other rank - on the GLOBAL.Redwood.REDWOOD.Kubernetes Application.
  • View or any other rank - on the REDWOOD.Redwood_KubernetesConnectionConstraint constraint.
  • View or any other rank - on the REDWOOD.Redwood_KubernetesNamespaceConstraint constraint.
  • View or any other rank - on the REDWOOD.Redwood_KubernetesConnection Extension Point.
  • View - on KBSConnection.
  • View - on the component's Job Server.
  • JobAdministrator - on the component's Queue.
  • View - on REDWOOD.Redwood_Kubernetes library.
  • Run - on Job Definitions you wish to use.