Configuration

Contributors Download PDF of this page

For any multitenant solution, no user can have access to more cluster resources than is required. So, the entire set of resources that are to be configured as part of the multitenancy configuration is divided between cluster-admin, storage-admin, and developers working on each project.

The following table outlines the different tasks to be performed by different users:

Role Tasks

Cluster-admin

Create projects for different applications or workloads

Create ClusterRoles and RoleBindings for storage-admin

Create Roles and RoleBindings for developers assigning access to specific projects

[Optional] Configure projects to schedule pods on specific nodes

Storage-admin

Create SVMs on NetApp ONTAP

Create Trident backends

Create StorageClasses

Create storage ResourceQuotas

Developers

Validate access to create or patch PVCs or pods in assigned project

Validate access to create or patch PVCs or pods in another project

Validate access to view or edit Projects, ResourceQuotas, and StorageClasses