Multi tenant access to
At its core, Lieutenant is a multi tenant system. This applies not only to its data model but also to the access control for that data.
For that reason, Lieutenant creates a set of
RoleBinding for each
That role grants read access to all
Clusters owned by that
Tenant and the
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: t-tenant-001
rules:
- apiGroups:
  - syn.tools
  resources:
  - clusters
  - tenants
  verbs:
  - get
  resourceNames:
  - t-tenant-001
  - c-cluster-001
Role gets updated whenever a new cluster gets created or deleted.
ServiceAccount is meant to be used for automation/system integration purposes.
RoleBinding links the
ServiceAccount, users and other subjects.
Once created, Lieutenant no longer touches the
This grants the freedom to add and/or remove subjects as needed.
Lieutenant won’t get in the way.
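
Because the Role is rewritten whenever clusters are created or deleted, it is worth checking that its resourceNames never drift outside the tenant boundary. The following is an added example, not part of Lieutenant: it audits a Role in the JSON form `kubectl get role -o json` returns, and assumes the Role is named after its tenant (as in the manifest above) and that a hypothetical cluster-to-tenant ownership map is available.

```python
import json

# Constructed sample: the Role shown above in JSON form, plus a hypothetical
# ownership map (cluster name -> owning tenant) used only for this example.
ROLE_JSON = """
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
 "metadata": {"name": "t-tenant-001"},
 "rules": [{"apiGroups": ["syn.tools"], "resources": ["clusters", "tenants"],
            "verbs": ["get"], "resourceNames": ["t-tenant-001", "c-cluster-001"]}]}
"""
OWNERSHIP = {"c-cluster-001": "t-tenant-001", "c-cluster-002": "t-tenant-002"}


def audit_tenant_role(role, ownership):
    """Return a list of findings; an empty list means the Role is tenant-scoped."""
    tenant = role["metadata"]["name"]  # assumption: Role name == tenant name
    expected = {tenant} | {c for c, t in ownership.items() if t == tenant}
    findings, granted = [], set()
    for i, rule in enumerate(role.get("rules") or []):
        extra = set(rule.get("verbs", [])) - {"get"}
        if extra:
            findings.append(f"rule {i}: verbs other than get: {sorted(extra)}")
        names = rule.get("resourceNames") or []
        if not names:
            # RBAC treats a rule without resourceNames as matching every object
            # of the listed resources in the namespace, i.e. all tenants' data.
            findings.append(f"rule {i}: no resourceNames, all objects readable")
        if "*" in rule.get("resources", []) or "*" in rule.get("apiGroups", []):
            findings.append(f"rule {i}: wildcard apiGroups/resources")
        granted.update(names)
    for name in sorted(granted - expected):
        findings.append(f"foreign object granted: {name}")
    for name in sorted(expected - granted):
        findings.append(f"owned object missing: {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_tenant_role(json.loads(ROLE_JSON), OWNERSHIP) or ["ok"]:
        print(finding)
```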