You must configure permissions for actions that users can perform on Virtual Machines (VMs) deployed using Palette Virtual Machine Orchestrator (VMO), such as cloning, updating, and migrating VMs. You can do this by creating roles and cluster role bindings to determine access permissions. Refer to VM User Roles and Permissions for a list of Cluster Roles and equivalent Palette Roles. To learn more about Cluster RBAC in Palette, review the RBAC and NS Support guide.
A cluster profile with the Virtual Machine Orchestrator add-on pack configured. Check out the Create a VMO Profile guide to learn more.
Additional cluster roles, based on the user's persona, must be associated with the user by specifying a cluster role binding or a namespace-restricted role binding:
Alternatively, you can use standard Kubernetes roles
viewinstead of defining bindings based on
Assigned permissions to access Palette clusters.
Add Roles and Role Bindings
Log in to Palette.
From the left Main Menu, click Clusters and select your cluster.
Click Confirm to update the cluster.
The cluster status displays as Upgrading on the Cluster Overview page. Upgrading can take several minutes depending on your environment. You can track events from the Events tab.
You can verify role creation and role binding is successful by following the steps below.
Log in to Palette.
Navigate to the left Main Menu and select Clusters.
Select the cluster you created the role binding in to view its details page.
Download the kubeconfig file for the cluster or use the web shell to access the host cluster.
Use the following commands to review details about the role and to ensure the role binding was successful.
kubectl get clusterrole <yourRoleNameHere> --output yaml
kubectl get role <yourRoleNameHere> --namespace <namespace> --show-kind --export
Now you are ready to deploy a VM. Review the Deploy VM From a Template guide to get started with the deployment process.