Use cases

This section illustrates possible use cases for a better understanding on which roles should be assigned to users who perform particular operations in a Container Cloud cluster:

Role

Use case

m:kaas@operator

Member of a dedicated infrastructure team who only manages bare metal hosts in Container Cloud

m:kaas@writer

Infrastructure Operator who performs the following operations:

  • Performs CRUD operations on namespaces to effectively manage Container Cloud projects (Kubernetes namespaces)

  • Creates a new project when a new team is being onboarded to Container Cloud

  • Manages API objects in all namespaces, creates clusters and machines

  • Using kubeconfig downloaded through the Container Cloud web UI, has full access to the Kubernetes clusters and StackLight APIs deployed by anyone in Container Cloud except the management cluster

  • Has the Container Cloud API access in the management cluster using the management cluster kubeconfig downloaded through the Container Cloud web UI

    Note

    To have full access to the management cluster, a kubeconfig generated during the management cluster bootstrap is required.

m:kaas@reader

Member of a dedicated infrastructure support team responsible for the Container Cloud infrastructure who performs the following operations:

  • Monitors the cluster and machine live statuses to control the underlying cluster infrastructure health status

  • Performs maintenance on the infrastructure level

  • Performs adjustments on the operating system level

m:kaas:<namespaceName>@writer

User who administers a particular project:

  • Has full access to Kubernetes clusters and StackLight APIs deployed by anyone in this project

  • Has full access to Container Cloud API in this project

  • Upgrades Kubernetes clusters in the project when an update is available

m:kaas:<namespaceName>@reader

Member of a dedicated infrastructure support team in a particular project. For use cases, see the m:kaas@reader role described above.

m:k8s:<namespaceName>:<clusterName>@cluster-admin

User who has admin access to a Kubernetes cluster deployed in a particular project.

m:sl:<namespaceName>:<clusterName>@admin

User who has full access to the StackLight components of a particular Kubernetes cluster deployed in a particular project to monitor the cluster health status.