Skip to main content
Version: Next 🚧

Creating a custom role

As described in the Authorization reference, Epinio Roles are Kubernetes ConfigMaps with a particular label.

To create a role execute the kubectl command:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
labels:
epinio.io/role: "true"
name: epinio-custom-role
namespace: epinio
data:
id: custom-role
name: "My Custom Role"
actions: |
app
configuration_read
service_read
EOF

After that restart the Epinio server pod to force Epinio to reload the extended set of roles. This is done by deleting the pod, causing the Epinio deployment to restart it:

kubectl delete pod -n epinio -l 'app.kubernetes.io/component=epinio-server'

Then, to assign the role to a user, update the user epinio.io/roles annotation:

# get the old roles assigned to te user
OLD_ROLES=$(kubectl get secrets -n epinio MY_USER -o jsonpath='{.metadata.annotations.epinio\.io/roles}')

# append the new role to them
kubectl annotate secret -n epinio --overwrite MY_USER "epinio.io/roles=$OLD_ROLES,custom-role"

Check the Authorization reference for the list of actions assignable to roles.