docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #832 from docker/ucp-rbac-775 

edits to clarify Kubernetes case
This commit is contained in:
Justin I. Nevill 2018-11-06 14:31:06 -05:00 committed by GitHub
parent 5e10ab1ffc 0e25f9a6e9
commit b221cfa198
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ee/ucp/authorization/define-roles.md
View File

@ -22,10 +22,10 @@ You can define custom roles or use the following built-in roles:
| `Full Control` | Users can view and edit all granted resources. They can create containers without any restriction, but can't see the containers of other users. | | `Full Control` | Users can view and edit all granted resources. They can create containers without any restriction, but can't see the containers of other users. |
## Create a custom role ## Create a custom role for Swarm
The **Roles** page lists all default and custom roles applicable in the When creating custom roles to use with Swarm, the **Roles** page lists all default and custom roles applicable in the
organization. organization. To create custom roles for Kuberntetes, see [Configure native Kubernetes role-based access control](https://docs.docker.com/ee/ucp/admin/configure/configure-rbac-kube/).
You can give a role a global name, such as "Remove Images", which might enable the You can give a role a global name, such as "Remove Images", which might enable the
**Remove** and **Force Remove** operations for images. You can apply a role with **Remove** and **Force Remove** operations for images. You can apply a role with

24
ee/ucp/authorization/deploy-stateless-app.md
View File

@ -26,11 +26,12 @@ following structure:
``` ```
acme-datacenter acme-datacenter
├── dba ├── dba
   └── Alex Alutin └── Alex*
├── dev ├── dev
   └── Bett Bhatia │ └── Bett
└── ops └── ops
  └── Chad Chavez ├── Alex*
└── Chad
``` ```
Learn to [create and configure users and teams](create-users-and-teams-manually.md). Learn to [create and configure users and teams](create-users-and-teams-manually.md).
@ -54,19 +55,15 @@ metadata:
name: nginx-namespace name: nginx-namespace
``` ```
### Define roles ### Create a team
You can use the built-in roles or define your own. For this exercise, create a
simple role for the ops team:
1. Click **Roles** under **User Management**.
2. Click **Create Role**.
3. On the **Details** tab, name the role `Kube Deploy`.
4. On the **Operations** tab, check all **Kubernetes Deployment Operations**.
5. Click **Create**.
Learn to [create and configure users and teams](create-users-and-teams-manually.md). Learn to [create and configure users and teams](create-users-and-teams-manually.md).
### Define roles
For this exercise, create a simple role for the ops team. To learn how to create roles for Kubernetes,
see [Configure native Kubernetes role-based access control](/ee/ucp/admin/configure/configure-rbac-kube/).
### Grant access ### Grant access
Grant the ops team (and only the ops team) access to nginx-namespace with the Grant the ops team (and only the ops team) access to nginx-namespace with the
@ -172,4 +169,3 @@ service.
7. Log on to UCP as each user and ensure that: 7. Log on to UCP as each user and ensure that:
- `dba` (alex) cannot see `nginx-collection`. - `dba` (alex) cannot see `nginx-collection`.
- `dev` (bett) cannot see `nginx-collection`. - `dev` (bett) cannot see `nginx-collection`.