Getting Started with Multi-tenant Management

    • KubeSphere has been installed.
    • You have logged in to KubeSphere with the default admin username and its password.
    • About 15 minutes.

    Currently, platform resources are organized into three levels: Cluster, Project and DevOps Project. As shown below, there are multiple built-in roles in each organization and at each level.

    Step 1: Create roles and accounts

    The cluster-admin can create accounts and assign roles for other users. There are three common roles in the cluster level. The platform also supports customizing new roles.

    The following example shows how to create a new role (user-manager), grant it the account management and role management permissions, and then create a new account and assign it the users-manager role.

    1.1. Click Platform → Platform Roles. The role list is displayed. Click Create to create a role that is used to manage all accounts and roles.

    1.2. Fill in the basic information and authority settings of the role.

    • Name: Use a simple name that is easy to browse and search for, such as .

    • Description: Describe the role’s responsibility, such as Manage accounts and roles.

    1.3. Check all the authorities for account and role management, then click Create.

    1.4. Click Platform→Accounts. You can see the account list in the current cluster. Then click Create.

    1.5. Fill in the new user’s basic information. Set the username to user-manager and select the role user-manager. Other information can be customized. Then click Create.

    1.7. Verify the 4 accounts that we have created.

    Step 2: Create a Workspace

    The workspace is the basis of KubeSphere’s multi-tenant mode. It is also the base unit in which users manage projects, DevOps projects and corporate members.

    2.1. Log in to KubeSphere as ws-manager, which has the authority to view and manage all the workspaces on the platform.

    Click platform management→ in the top-left corner. You can see that there is only one default workspace, system-workspace, which runs the KubeSphere platform’s related components and services. This workspace cannot be deleted.

    Click Create in the workspace list.

    2.2. After demo-workspace has been created, log out and sign in as ws-admin. Then click View Workspace, select Workspace Management → Members Management and click Invite Member.

    2.3. Invite both project-admin and project-regular and grant them the workspace-regular role, then click OK to save. There are now 3 members in demo-workspace.

    Step 3: Create a Project

    3.1. Sign in as project-admin, which we created in Step 1, then click Create and select Create a resource project.

    3.2. Name it demo-project and keep the advanced settings at their default values, then click Create.

    3.3. Choose Project Settings → Project Members and click Invite Member.

    3.4. Invite to this project and grant this user operator accordingly.

    Step 4: Set the Gateway

    Before creating a route, you need to enable a gateway for this project.

    4.1. Still signed in as project-admin, choose Project Settings → Internet Access and click Set Gateway.

    4.2. Keep the access method as NodePort and click Save.

    4.3. Now we can see the Gateway Address (192.168.0.88) and the NodePorts for HTTP and HTTPS respectively.

    Step 5: Create DevOps Project

    5.1. In this step, click Projects, click the Create Project button, then select Create a DevOps project.

    5.2. Fill in the basic information, e.g. demo-devops, then click the Create button. You are taken to the demo-devops page.

    5.3. Similarly, navigate to Project Management → Project Members, then click Invite Member and grant project-regular the maintainer role, which is used to create pipelines, credentials, etc.