Enable access and view cluster resources by namespace

This page explains how cluster or security administrators can restrict view access to cluster resources based on specific namespaces, and how users with restricted access can view these resources on console.

Enable namespace-restricted access to cluster resources

As a cluster administrator, you might want to provide restricted access to cluster resources for specific namespaces. This is a common scenario for organizations running multi-tenant Google Kubernetes Engine (GKE) clusters.

You can use tenant permissions to restrict user interactions with the cluster on console. You grant users the roles/container.clusterViewer IAM permission as well as role-based access control (RBAC) permissions to view resources in specific namespaces.

To learn more about using namespaces, see Organizing Kubernetes with Namespaces and Enterprise multi-tenancy best practices.

View namespace-restricted resources in console

If you have limited IAM or RBAC permissions and want to view namespace-restricted resources on console, follow these steps:

  1. Go to the Workloads page in console.

    Go to Workloads

  2. Click the Namespace drop-down list.

  3. Click Add namespace.

  4. Enter the namespace you want to access, then click Save.

  5. Click OK.

The list will be filtered to show the selected namespace.

Share saved views

You can also save the filtered list as a named saved view. The saved view will persist across sessions, and can be shared with other users.

To share a saved view, follow these steps:

  1. Select the saved view from the Saved view drop-down list.
  2. Next to the Saved view drop-down list, click , then click Share.
  3. Click to copy the URL in the Share view dialog. You can share this URL with other users who need access to the same cluster and namespaces.