There are two ways how you can grant other users access to an iMKE cluster:
- granting users access to a complete iMKE project (which grants access to all clusters in that project as well)
- use role-based access control (RBAC) to define more fine-grained access control directly to the cluster.
This is the recommended method of granting other users access to a cluster.
Giving users access on a project level (like described here) provides them access to all clusters in this project. Users with this level of access can log in to the iMKE dashboard, see and (dependent on the level of access) also edit or create clusters. They can also download their kubeconfig directly:
All users with the same level of project-access effectively share the same
kubeconfig uses a token-based authentication, and the token is bound to the level of access (read-only/admin access). In case access needs to be removed for such a user, the tokens needs to be revoked, and all users need to download their
Using role-based access control allows a project admin to provide more fine-grained access based on predefined
Roles. Via the iMKE Dashboard, the admin can easily create (cluster-wide)
ClusterRoleBindings and (namespace-scoped)
A user with this level of access can download a specific
kubeconfig, which can be directly downloaded using a direct link (see below). Such a user does not need access to the iMKE Dashboard at all.
More on Kubernetes RBAC can be found here.