Share Clusters
With Portworx Backup, you can now easily share clusters with designated users, centralizing cluster creation operations among a limited group while enabling others to reuse these clusters. The cluster sharing feature offers a simplified approach, providing fine control where multiple users or groups can access the cluster as a shared resource.
Any Portworx Backup user can share the clusters they own with others, enabling them to perform backup, restore and schedule operations. This feature enhances cluster-sharing capabilities while maintaining secure control and flexibility across user roles and operations.
Previously, clusters were only accessible to the users who created them, limiting access for others and requiring the potentially risky sharing of sensitive kubeconfig information. With the cluster share feature, kubeconfig and cloud credentials remain secure and hidden from shared users, ensuring better protection and controlled access.
Prerequisites
- You must own the cluster or have a super-admin role to share it.
- For cloud clusters, you must own the associated cloud credentials to share them with other users.
- The users or groups you want to share with must already exist in Portworx Backup.
What is cluster share?
- The cluster owner (any Portworx Backup user) can share the cluster with the intended users regardless of their role.
- The cluster owner can share their clusters with more than one user or group at a time. They can add more users/groups later to make the cluster accessible to a wider audience.
- The cluster share feature is scalable: the cluster owner can share their cluster with any number of users/groups.
- The cluster owner can revoke access to the shared cluster from a user or group if the need arises.
- A super administrator (a role introduced in Portworx Backup 2.8.0) can share access to either a self-owned cluster or a non-owned cluster with any other Portworx Backup user.
- The cluster owner can share the cluster with other users through the web console, API, or CLI.
- A shared user can perform the following operations on the shared cluster:
  - Create backups of shared namespaces and VMs on the shared cluster or any cluster
  - Create backup schedules for the shared namespaces and VMs
  - Restore cluster owner's and self-owned backups
- Shared users can create backups, backup schedules, and restores on the shared clusters. Cluster owners do not have implicit access to the shared users' resources on the cluster, even though they own the cluster. A cluster owner can gain access to those resources only if the shared users share them with the cluster owner, unless the owner is a super administrator.
The following table outlines the visibility and access permissions that a shared user gets when the cluster owner shares a cluster:
| Role | Resource | Visibility | Access Permissions |
|---|---|---|---|
| Shared User | Namespaces | Existing and future namespaces | Full Access (create backups, backup schedules, and restores) |
| Shared User | VMs | Existing and future VMs | Full Access (create backups, backup schedules, and restores) |
| Shared User | Backups | Visible only if shared explicitly | Restore-Only |
You cannot share a cloud cluster with users/groups unless you own the associated cloud credentials.
A cluster owner can share only self-owned backups with the shared user, using the Share Cluster Backups option.
How to share a cluster
To share a cluster with the required users, perform the following tasks:
- On the home page, from the left navigation pane, click Clusters.
  Alternatively, to share the clusters with intended users/groups, you can also:
  - Click the share icon towards the end of the cluster row.
  - OR click the vertical ellipsis at the end of the cluster row and select Share.
- In the top-right corner, click Share Cluster. The Share Cluster window opens.
  - Clusters: select the cluster you want to share. You can select only one cluster to share at a time with one or multiple users/groups.
  - Add Users/Groups: you can add any required number of users/groups to provide access to the cluster that you want to share.
    - Groups: lists the group(s) with whom you want to share the clusters
    - Users: lists the user(s) with whom you want to share the clusters
  - Share Backups check box: select this check box only if you want to share existing and future backups that you own for the cluster.
    Note:
    - You can only share the backups you have created with the required users/groups, and not other users' backups that reside on your cluster.
    - When you share a backup with users or groups, the access they receive depends on the BackupLocation and CloudCredential. If you own the BackupLocation and CloudCredential, the users receive restore-only access and Portworx Backup also shares the associated BackupLocation and CloudCredential with the users or groups. If you don't own them but the intended users already have access to the BackupLocation and CloudCredential, they receive restore-only access. However, if you don't own the BackupLocation and CloudCredential and the intended users don't have access to them, the users are granted view-only access to the backup.
- After adding the intended users/groups for cluster share, click Share.
After the cluster is shared successfully with the intended users and/or groups, a share icon appears at the end of the cluster row. To give additional users and groups access to this cluster, click the share icon at the end of the cluster row.
Note that you can only share one cluster at a time with the required users.
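A model of the backup-sharing rules listed under the Share Backups check box, added here as an illustration and not part of Portworx Backup or its API: for a planned share it previews which recipients end up with restore-only or view-only access, and which shares also hand out the BackupLocation and CloudCredential. The `Backup` record, its field names and the sample data are constructed, and owning only one of the two objects is assumed to count as not owning them.

```python
from dataclasses import dataclass, field


@dataclass
class Backup:
    name: str
    owner: str
    location_owner: str    # owner of the BackupLocation
    credential_owner: str  # owner of the CloudCredential
    # users who already have access to both objects (constructed field)
    existing_access: set = field(default_factory=set)


def plan_backup_share(sharer, backups, recipients):
    """Preview a share: returns (access levels, implicit credential grants)."""
    access, implicit = {}, []
    for b in backups:
        if b.owner != sharer:
            continue  # only backups the sharer created can be shared
        # Assumption: "own them" means owning both objects.
        owns_both = sharer == b.location_owner == b.credential_owner
        for user in recipients:
            if owns_both:
                level = "restore-only"
                if user not in b.existing_access:
                    # BackupLocation and CloudCredential are shared as well
                    implicit.append((user, b.name))
            elif user in b.existing_access:
                level = "restore-only"
            else:
                level = "view-only"
            access[(user, b.name)] = level
    return access, implicit


# Constructed sample data, not taken from a real deployment.
BACKUPS = [
    Backup("ns-app-daily", "alice", "alice", "alice"),
    Backup("ns-db-weekly", "alice", "platform", "platform", {"bob"}),
    Backup("ns-bob-adhoc", "bob", "bob", "bob"),
]

if __name__ == "__main__":
    access, implicit = plan_backup_share("alice", BACKUPS, ["bob", "carol"])
    for (user, backup), level in sorted(access.items()):
        print(f"{user:6} {backup:13} {level}")
    for user, backup in implicit:
        print(f"also shares BackupLocation/CloudCredential: {user} via {backup}")
```

Reviewing the implicit grants before selecting Share Backups shows which users gain access to credential-backed objects as a side effect of the share.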
How to unshare a cluster
Perform the following steps to unshare a cluster from a user:
- On the home page, from the left navigation pane, click Clusters.
- On the Clusters page, identify the cluster you want to unshare from a user or user group and click the Share Management icon towards the end of the cluster row.
  OR
  Click the vertical ellipsis at the end of the cluster row and select Share.
  The Share Cluster window opens.
- Identify the user(s) or user group(s) from whom you want to unshare the cluster and click the delete icon for the user(s) and/or user group(s).
  Note: If you selected the Do you also want to share your backups with new users and groups option when sharing the cluster, this setting remains enabled (checked) when you later choose to unshare the cluster from those users and/or groups. If you did not select it initially, the option remains disabled.
- Click Share.
  This unshares the cluster from the intended user(s) and/or user group(s).
Points to remember
- Shared users cannot share the cluster with other users.
- Only a super administrator or cluster owner can delete the clusters.