Introduction
In the modern business environment, organizations manage a variety of different applications and environments, each with its own resources, definitions, and configurations.
Internal users may find it challenging to navigate the complex relationships between these applications. Understanding the components that comprise an application, particularly its health status and operational efficiency, and identifying potential risks and growth opportunities remain crucial.
Workspaces in Komodor now offer a powerful way to scope your Kubernetes world based on your needs, allowing you to filter and manage your resources—all while integrating seamlessly with our enhanced Role-Based Access Control (RBAC) capabilities. Rather than granting additional permissions, Workspaces work on top of your existing RBAC settings to ensure that users see only the resources they are authorized to access.
What Are Workspaces?
A Workspace is a customizable filter scope that allows you to focus on specific clusters, namespaces, or services. Workspaces don’t change your access rights; they simply help you view a curated subset of your Kubernetes environment.
Types of Workspaces:
- Cluster-based Workspaces
  Cluster-based Workspaces allow you to filter resources by cluster names, using flexible matching logic.
  - Supports wildcards & exclusions – Include or exclude clusters using patterns
  - Supports single or multiple selection – Target one cluster or many with ease
- Namespace-based Workspaces
  Namespace-based Workspaces help you isolate resources based on naming patterns within namespaces.
  - Supports wildcards & exclusions – Easily include/exclude namespaces using naming conventions
  - Supports single or multiple selection – Target one namespace or many with ease
- Label/Annotation-based Workspaces
  The workspace is configured using Kubernetes labels or annotations (supports wildcards and excludes, single or multiple selectors) to dynamically select tagged resources. See Tracked keys below.
How do Workspaces work with Komodor RBAC?
Workspaces are configured to work hand-in-hand with your existing RBAC Roles, Policies, and actions.
The purpose of a Workspace is not to replace RBAC or to grant a user permissions beyond what RBAC allows; instead, a Workspace filters the resources that the user can already access in Komodor based on their role.
RBAC controls access; Workspaces provide logical grouping for visibility.
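A conceptual model of the rule above, added here as an example and not Komodor's implementation: what a user sees in a Workspace is the RBAC-allowed set narrowed by the Workspace patterns. The glob syntax, the precedence of exclusions, the dictionary fields, and the sample clusters and namespaces are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample: (cluster, namespace) pairs that a user's RBAC role allows.
RBAC_ALLOWED = {
    ("prod-eu", "payments"),
    ("prod-eu", "checkout"),
    ("prod-us", "payments"),
    ("staging", "payments"),
}


def matches(value, include, exclude):
    """True if value matches an include glob and no exclude glob.
    Exclusions taking precedence is an assumption of this model."""
    if any(fnmatchcase(value, pattern) for pattern in exclude):
        return False
    return any(fnmatchcase(value, pattern) for pattern in include)


def workspace_view(rbac_allowed, workspace):
    """Resources visible in a workspace. The workspace patterns are applied
    only as a filter over what RBAC already permits, so the result is always
    a subset of rbac_allowed and can never contain anything RBAC denies."""
    return {
        (cluster, namespace)
        for cluster, namespace in rbac_allowed
        if matches(cluster, workspace["clusters"],
                   workspace.get("exclude_clusters", []))
        and matches(namespace, workspace["namespaces"],
                    workspace.get("exclude_namespaces", []))
    }


# Hypothetical workspace definitions (field names are illustrative only).
PROD_PAYMENTS = {"clusters": ["prod-*"], "namespaces": ["pay*"]}
ALL_BUT_STAGING = {"clusters": ["*"], "exclude_clusters": ["staging"],
                   "namespaces": ["*"]}
# Names a namespace the role does not cover: the view is empty, not widened.
KUBE_SYSTEM = {"clusters": ["*"], "namespaces": ["kube-system"]}

if __name__ == "__main__":
    for name, ws in [("prod-payments", PROD_PAYMENTS),
                     ("all-but-staging", ALL_BUT_STAGING),
                     ("kube-system", KUBE_SYSTEM)]:
        print(name, sorted(workspace_view(RBAC_ALLOWED, ws)))
```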
Tracked keys
Kubernetes label or annotation keys that are defined by an administrator are called tracked keys. They are utilized as scopes for cluster-wide resource statements and workspaces to manage access for specific teams, tenants, or applications.
Tracked keys are used in policies to segment cluster-wide resources, such as nodes or cluster-roles, within clusters.
Tracked keys can be created directly from the policy/workspace management screens or the tracked keys screen. Any user with the manage:trackedkeys action can delete them from the tracked keys management screen. A tracked key must be removed from all related policies and workspaces before an admin can delete it.