Share clusters
With Portworx Backup, you can now easily share clusters with designated users, centralizing cluster creation operations among a limited group while enabling others to reuse these clusters. The cluster sharing feature offers a simplified approach, providing fine control where multiple users or groups can access the cluster as a shared resource.
Any Portworx Backup user can share the clusters they own with others, enabling them to perform backup, restore and schedule operations. This feature enhances cluster-sharing capabilities while maintaining secure control and flexibility across user roles and operations.
Previously, clusters were only accessible to the users who created them, limiting access for others and requiring the potentially risky sharing of sensitive kubeconfig information. With the cluster share feature, kubeconfig and cloud credentials remain secure and hidden from shared users, ensuring better protection and controlled access.
What is cluster share?
- Cluster owner (any Portworx Backup user) can share the cluster with the intended users regardless of their role.
- Cluster owner can share their clusters with more than one user or a group at a time. They can add more users/groups later to make the cluster accessible to wider audience.
- Cluster share feature is scalable and the cluster owner can share their cluster with any number of users/groups.
- Cluster owner can revoke the access to the shared cluster from a user or group if the need arises.
- A super administrator (new role introduced in Portworx Backup 2.8.0 version) can share access to both a self-owned cluster or a non-owned cluster to any other user of Portworx Backup.
- Cluster owner can share the cluster with other users either through web console or API or CLI.
- Shared user can perform the following operations on the shared cluster:
- Create backups of shared namespaces and VMs on the shared cluster or any cluster
- Create backup schedules for the shared backups
- Restore cluster owner's and self-owned backups
- Shared users can create backups, backup schedules and restores on the shared clusters. Cluster owners will not have implicit access to the shared users' resources on the cluster though they own it. In other words, cluster owner can gain access to the resources only if they are shared to the cluster owner by shared users, unless the owner is a super administrator.
The following table outlines the visibility and access permissions that a shared user gets when cluster owner shares a cluster:
| Role | Resource | Visibility | Access Permissions |
|---|---|---|---|
| Shared User | Namespaces | Existing and future namespaces | Full Access |
| VMs | Existing and future VMs | Full Access | |
| Backups | Visible only if shared explicitly | Restore-Only |
You cannot share a cloud cluster with users/groups unless you own the associated cloud credentials.
A cluster owner can only share self-owned backups with Share Cluster Backups option with the shared user.
How to share a cluster
To share a cluster with the required users, perform the following tasks:
-
In the home page, from the left navigation pane, click Clusters.
Alternatively, to share the clusters with intended users/groups, you can also:
- Click the share icon towards the end of the cluster row.
OR - Click the vertical ellipsis at the end of cluster row and select Share.
- Click the share icon towards the end of the cluster row.
-
In the top-right corner, click Share Cluster. The Share Cluster window opens.
- Clusters select the cluster you want to share, you can select only one cluster to share at a time with one or multiple users/groups
- Add Users/Groups: You can add any required number of users/groups to provide access to the cluster that you want to share
- Groups: lists the group(s) with whom you want to share the clusters
- Users: lists the user(s) with whom you want to share the clusters
- Share Backups check box: select this check-box only if you have to share existing and future backups that you own for the cluster.
note- You can only share the backups you have created with the required users/groups and not other user's backups that reside on your cluster.
- If you also own the backup location, these backups will be shared with restore-only access; otherwise, they will be shared with view-only access.
-
After adding the intended users/groups for cluster share, click Share.
After the cluster is shared successfully with intended users and/or groups, you will see a share icon at the end of the cluster row as shown below. If you want some more users and groups to access this cluster, click on the share icon at the end of the cluster row as shown here:
Note that you can only share one cluster at a time with the required users.
How to unshare a cluster
Perform the following steps to unshare a cluster from a user:
-
In the home page, from the left navigation pane, click Clusters.
Alternatively, to unshare the clusters with intended users/groups, you can also:
-
In the Clusters page, identify the cluster you want to unshare from a user or user group and click the Share Management icon towards the end of the cluster row:
OR
Click the vertical ellipsis at the end of cluster row and select Share.
The Share Cluster window opens.
-
Identify the user(s) or user group(s) from whom you want to unshare the cluster and click the delete icon for the user(s) and/or user group(s) as shown in here:
-
Click Share.
This unshares the cluster from the intended user(s) and/or user group(s).
Points to remember
- Shared users cannot share the cluster with other users.
- Only a super administrator or cluster owner can delete the clusters.
Related topics: