Manage Kubernetes API Server user access

Giving users remote access to CDF environments allows authorized users to use kubectl to manage and troubleshoot Kubernetes clusters using the Kubernetes API. To do this, use the Actions menu from the Environments page.

The API server of the Kubernetes cluster which is created when enabling a CDP environment for DataFlow is secured using authentication and role based access control. By default no one is allowed to connect to the Kubernetes API server. You can grant users access to the Kubernetes API server by adding their AWS ARN to the list of Authorized Users so they can communicate with the cluster using Kubernetes management tools such as kubectl.

  • You have the DFAdmin user role.
  • You have a cloud user ID. For AWS this is an ARN and looks similar to:

    arn:aws:iam::{AWSaccountID}:role/{IAMRoleName}

See the AWS documentation for more information.

  1. In DataFlow, from the Environments page, click the Environment for which you want to add or remove user access.
  2. Click Manage DataFlow.
  3. From the Actions menu, click Manage Kubernetes API Server User Access.
  4. Provide the Cloud User ID you want to authorize.
    • To add more than one user, add Cloud User IDs one by one.

    • To remove a user, click the remove icon for the particular row.

Download the kubeconfig file and share it with authorized users so they can connect to the cluster using their preferred Kubernetes management tools