Configuration

12/13/2023 Contributors

For any multitenant solution, no user can have access to more cluster resources than is required. So, the entire set of resources that are to be configured as part of the multitenancy configuration is divided between cluster-admin, storage-admin, and developers working on each project.

The following table outlines the different tasks to be performed by different users:

Role	Tasks
Cluster-admin	Create projects for different applications or workloads
Create ClusterRoles and RoleBindings for storage-admin
Create Roles and RoleBindings for developers assigning access to specific projects
[Optional] Configure projects to schedule pods on specific nodes
Storage-admin	Create SVMs on NetApp ONTAP
Create Trident backends
Create StorageClasses
Create storage ResourceQuotas
Developers	Validate access to create or patch PVCs or pods in assigned project
Validate access to create or patch PVCs or pods in another project
Validate access to view or edit Projects, ResourceQuotas, and StorageClasses

Role

Tasks

Cluster-admin

Create projects for different applications or workloads

Create ClusterRoles and RoleBindings for storage-admin

Create Roles and RoleBindings for developers assigning access to specific projects

[Optional] Configure projects to schedule pods on specific nodes

Storage-admin

Create SVMs on NetApp ONTAP

Create Trident backends

Create StorageClasses

Create storage ResourceQuotas

Developers

Validate access to create or patch PVCs or pods in assigned project

Validate access to create or patch PVCs or pods in another project

Validate access to view or edit Projects, ResourceQuotas, and StorageClasses

Configuration

Creating your file...