Giving Access to Users
Introduction
The table below enumerates various admin/user access to the entire deployment. This includes access to machines, Rancher, Kubernetes cluster as well as OpenG2P application.
Access matrix
Compute nodes
DevOps Super Admin
SSH Key
SSH into the node via private IP (via Wireguard) with the root user using SSH key
Users generate their own SSH Keys whose public keys are added to the nodes.
Wireguard node
DevOps Super Admin
SSH Key
SSH into the node via public IP with the root user using SSH key
Rancher (global)
Rancher Super Admin
Password
Open Rancher URL on browser and login via password
Individual cluster administrators can be created from Rancher UI.
Rancher (cluster)
Cluster Admin
Password
Open Rancher URL on browser and login via password
Users can be added and provided RBAC by Cluster Administrator using Rancher UI.
OpenG2P Application
Odoo Super Admin
Password
Open OpenG2P URL on browser and login via password
Users can be created and assigned fine-grained roles.
Wireguard access to users
The guide below provides steps to provide Wireguard access to users' devices (called peers). Note that the access must be provided to each unique device (like a desktop, laptop, mobile phone etc). Multiple logins with same conf file is not possible.
The Wireguard conf file MUST NOT be shared with any other users for security reasons.
Steps
Login to the Wireguard node via SSH.
Navigate to Wireguard conf folder
You will see several pre-created peer config files. You may assign any one of the file (not assigned before) to a new peer/user.
Edit
assigned.txt
file to assign a new the peer (client/user). Make sure a conf file is assigned to a unique user, already assigned file is never re-assigned to another user.Add the peers with name as mentioned below. Example:
Share the conf file with the peer/user securely. Example:
peer1/peer1.conf
Wireguard client installation
Follow the guide here.
Last updated