AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    KubeStash New

    Backup and Recovery Solution for Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    kubestash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
kubestash
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • Elasticsearch
    MariaDB
    MySQL
    PostgreSQL
  • KubeStash Operator
    KubeStash CLI
  • FAQ
You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

KubeStash with RBAC Enabled Cluster

KubeStash comes with built-in support for RBAC enabled cluster. KubeStash installer create a ClusterRole and ClusterRoleBinding giving necessary permission to the operator.

Operator Permissions

KubeStash operator needs the following RBAC permissions,

API GroupsResourcesPermissions
apiextensions.k8s.iocustomresourcedefinitionsget, create, patch, update
admissionregistration.k8s.iomutatingwebhookconfigurations, validatingwebhookconfigurations*
core.kubestash.com**
storage.kubestash.com**
config.kubestash.com**
addons.kubestash.com**
kubedb.com**
catalog.kubedb.comelasticsearchsget, list, watch
elasticsearch.kubedb.comelasticsearchdashboardslist
appcatalog.appscode.com*get, list, watch
appsdaemonsets, replicasets, statefulsetsget, list, watch
appsdeploymentsget, list, watch, create, patch, update
batchjobs, cronjobsget, list, watch, create, patch, update, delete
""eventscreate
""persistentvolumeclaims, persistentvolumesget, list, watch, create, patch, delete, update
""services, endpoints, podsget, list, watch
""secretsget, list, create, patch, watch, delete
""nodes, namespacesget, list, watch
""pods/execcreate
""serviceaccountsget, list, watch, create, delete, patch, update
rbac.authorization.k8s.ioclusterroles, roles, rolebindings, clusterrolebindingsget, list, watch, create, delete, patch, update
apps.openshift.iodeploymentconfigsget, list, watch, patch
policypodsecuritypoliciesuse
snapshot.storage.k8s.io**
storage.k8s.iostorageclassesget, list, watch

Here,

  • "" in API Group column means core API groups.
  • * in Resources colum means all resources.
  • * in Permission colum means all permissions.

User facing ClusterRoles

KubeStash introduces custom resources, such as, BackupConfiguration, BackupSession, BackupStorage, RestoreSession, Function, and Addon etc. KubeStash installer will create 2 user facing cluster roles:

ClusterRoleAggregates ToDescription
appscode:kubestash-kubestash-operator:editadmin, editAllows edit access to KubeStash CRDs.
appscode:kubestash-kubestash-operator:viewviewAllows read-only access to Stash CRDs

These user facing roles supports ClusterRole Aggregation feature in Kubernetes 1.9 or later clusters.

What's on this Page

Search
Improve This Page