This section outlines the role-based access control (RBAC) roles and rights that tenants require to perform life cycle management of Tanzu Kubernetes Grid clusters.

Grant Rights to Tenant Users

This section details the Kubernetes Clusters rights bundle and the Kubernetes Cluster Author role, both of which are created during the VMware Cloud Director Container Service Extension 4.0 server configuration process.

Table 1. Rights bundles and roles for Tanzu Kubernetes Grid clusters

| Rights Bundle or Role | Description |
| --- | --- |
| Kubernetes Clusters rights bundle | This rights bundle grants users the rights required to manage Tanzu Kubernetes Grid clusters. By default, this rights bundle is automatically published to all tenants. Service providers can publish and unpublish this rights bundle to specific tenants afterwards. For more information, see Publish or Unpublish a Rights Bundle. |
| Kubernetes Cluster Author role | Assign this role to a user to manage Kubernetes clusters. For more information, see Assign Kubernetes Cluster Author Role to Tenant Users. |

For an organization administrator to view all of the clusters in an organization, that user must be granted the Administrator View: VMWARE:CAPVCDCLUSTER right.

Service providers must inform organization administrators that existing VMware Cloud Director Container Service Extension tenant users must be reassigned to the new Kubernetes Cluster Author role that is created in VMware Cloud Director Container Service Extension 4.0.