Skip to main content
Version: 3.3

Manage Access

Virtual Cluster access can be managed through the 'Permissions' section inside the virtual cluster drawer. There are a couple of special cases:

  1. Global Loft Admins & Project Admins have access and can change all virtual clusters within a project.
  2. Virtual Cluster owners always have access and can change their virtual clusters.
  3. Every user or team within the management cluster that has the RBAC permission on the resource "virtualclusterinstances" in api group "management.loft.sh" for the verb "use" can access the virtual cluster.

How does Access within a virtual cluster work?

Every user or team that has access to a virtual cluster gets automatically the default cluster role assigned within the virtual cluster. By default this is cluster-admin. The default cluster role can be either changed in the virtual cluster template or on the virtual cluster object itself.

Besides the default rule you can define extra rules on the virtual cluster or template that map a user or team to another cluster role. As soon as one rule matches a user or team, the default cluster role is not assigned. If multiple rules match a user, all the cluster roles defined in the rules are assigned.

Grant Access to a virtual cluster

  1. Go to the Projects view using the menu on the left
  2. Click on Virtual Clusters and click on the Edit link on a virtual cluster.
  3. In the drawer select the 'Permissions' section.
  4. Select the user or team you want to grant permissions in the 'User or Team' select. If you don't see the user or team you want to grant access in there, make sure they have project access.
  5. Specify the cluster-role you want to assign the user or team within the virtual cluster.
  6. Click on the button at the very bottom