2018-11-08 19:23:39 +05:30
|
|
|
# Role Based Access Control
|
|
|
|
|
2018-11-20 20:47:30 +05:30
|
|
|
Until Kubernetes 1.7, there were no permissions within a cluster. With the launch
|
|
|
|
of 1.7, there is now a [role based access control system (RBAC)](https://kubernetes.io/docs/admin/authorization/rbac/)
|
|
|
|
which determines what services can perform actions within a cluster.
|
2018-11-08 19:23:39 +05:30
|
|
|
|
|
|
|
RBAC affects a few different aspects of GitLab:
|
|
|
|
|
2018-11-20 20:47:30 +05:30
|
|
|
- [Installation of GitLab using Helm](tiller.md#preparing-for-helm-with-rbac)
|
|
|
|
- Prometheus monitoring
|
|
|
|
- GitLab Runner
|
2018-11-08 19:23:39 +05:30
|
|
|
|
2018-11-20 20:47:30 +05:30
|
|
|
## Checking that RBAC is enabled
|
2018-11-08 19:23:39 +05:30
|
|
|
|
2018-11-20 20:47:30 +05:30
|
|
|
Try listing the current cluster roles, if it fails then `RBAC` is disabled.
|
|
|
|
The following command will output `false` if `RBAC` is disabled and `true` otherwise:
|
2018-11-08 19:23:39 +05:30
|
|
|
|
2018-11-20 20:47:30 +05:30
|
|
|
```sh
|
|
|
|
kubectl get clusterroles > /dev/null 2>&1 && echo true || echo false
|
|
|
|
```
|