# Clusters with RBAC Infra App is designed to work out of the box with RBAC-enabled environments. It assumes users have one of two roles: * Full cluster access * Single-namespace access ### Single Namespace access #### Kubernetes configuration file Infra App looks at the `context` entry the Kubernetes configuration file (KubeConfig) to know which namespace it should attempt to load for the user. For example: ```yaml - context: cluster: gke_test-cluster-abcdefg_us-central1-c_cluster-1 namespace: default # This tells Infra App which namespace to use user: gke_test-cluster-abcdefg_us-central1-c_cluster-1 name: gke_test-cluster-abcdefg_us-central1-c_cluster-1-single-namespace ``` #### Required RBAC Rules The configuration below outlines the permissions Infra App needs for a single-namespace user. Note that Infra App will work continue to work gracefully if users can't access the full list of resources. ```yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default #replace with your namespace name: example-role #replace with your role name rules: - apiGroups: [""] resources: ["pods", "pods/log", "events", "services", "configmaps", "persistentvolumeclaims", "endpoints"] verbs: ["get", "watch", "list", "delete"] - apiGroups: [""] # For pod shell access resources: ["pods/exec"] verbs: ["get", "watch", "create"] - apiGroups: ["extensions", "apps"] resources: ["deployments", "replicasets", "statefulsets", "daemonsets"] verbs: ["get", "watch", "list"] - apiGroups: ["extensions", "batch"] resources: ["jobs", "cronjobs"] verbs: ["get", "watch", "list"] - apiGroups: ["extensions", "networking.k8s.io"] # For ingresses resources: ["ingresses"] verbs: ["get", "watch", "list"] - apiGroups: ["metrics.k8s.io"] # For metrics access resources: ["pods"] verbs: ["get", "watch", "list"] ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.infra.app/advanced/clusters-with-rbac.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.