Continental Innovates with Rancher and Kubernetes
This section describes the permissions required to access Istio features.
The rancher istio chart installs three ClusterRoles
ClusterRoles
By default, only those with the cluster-admin ClusterRole can:
cluster-admin
ClusterRole
By default, only Admin and Edit roles can:
Istio creates three ClusterRoles and adds Istio CRD access to the following default K8s ClusterRole:
istio-admin
istio-edit
istio-view
Rancher will continue to use cluster-owner, cluster-member, project-owner, project-member, etc as role names, but will utilize default roles to determine access. For each default K8s ClusterRole there are different Istio CRD permissions and K8s actions (Create ( C ), Get ( G ), List ( L ), Watch ( W ), Update ( U ), Patch ( P ), Delete( D ), All ( * )) that can be performed.
config.istio.io
adapters
attributemanifests
handlers
httpapispecbindings
httpapispecs
instances
quotaspecbindings
quotaspecs
rules
templates
networking.istio.io
destinationrules
envoyfilters
gateways
serviceentries
sidecars
virtualservices
workloadentries
security.istio.io
authorizationpolicies
peerauthentications
requestauthentications