Skip to content

Viewers should be able to target a Shoot cluster #381

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#380
Closed
Viewers should be able to target a Shoot cluster#381
#380
Labels
component/gardenctlGardener CLIkind/enhancementEnhancement, improvement, extensionstatus/closedIssue is closed (either delivered or triaged)
@petersutter

Description

@petersutter
petersutter
opened on Feb 8, 2024

What would you like to be added:
gardenlogin v0.5 or higher supports the shoots/viewerkubeconfig subresource. As a result, users with the Project viewer role can now access the Shoot cluster with read-only permission.
In addition, the cluster CA can now be fetched via ConfigMap (gardener/gardener#9123). This allows the generation of the gardenlogin kubeconfig via gardenctl with only viewer permissions.

Therefore, it should be possible to target a Shoot cluster and interact with the cluster using the generated gardenlogin kubeconfig. However, ssh and the provider-env command will not work for viewers.

Why is this needed:

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    component/gardenctlGardener CLIkind/enhancementEnhancement, improvement, extensionstatus/closedIssue is closed (either delivered or triaged)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions