With the recent addition of support for GKE clusters, we now have a situation whereby many users can potentially add their own personal Kubernetes clusters to a Juju controller. So we now need a way to ensure that only users with permission to do so can add models to a cloud/cluster.
When a Kubernetes cluster is added (as a cloud), the owner has admin permission straight away. They can then grant add-model permission (or admin permission) to another user:
juju grant-cloud bob add-model myk8scloud
You can grant permission to many clouds at the same time:
juju grant-cloud bob add-model myk8scloud anotherk8scloud
The syntax here is the same as for the standard juju grant command. And there’s also the corresponding juju revoke-cloud command.
Note that previously the add-model permission was granted to the controller. Although the old syntax is still supported, it is translated to grant add-model permission on the controller cloud itself. Thus the controller cloud and any added Kubernetes clusters are treated the same way in terms of how add-model access is granted and revoked.
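To keep add-model access limited to the users who should have it, the grants can be reconciled against a reviewed list. The script below is an added example, not part of the original post or of Juju itself: it prints the juju grant-cloud and juju revoke-cloud commands needed, without running them. The function names, the "user cloud" input format and the allowed-character filter are assumptions, the sample lists are constructed, and revoke-cloud is assumed to take its arguments in the same order as grant-cloud.

```shell
#!/bin/sh
# Plan the grant-cloud / revoke-cloud calls that bring add-model access in
# line with a reviewed list. Commands are printed for review, never executed.
# Inputs are "user cloud" pairs, one per line. The "current" list is assumed
# to be kept by the operator; this script does not query the controller.

# Keep only well-formed pairs. The character filter is an assumption: it drops
# anything that could act as shell syntax if the printed plan is pasted.
normalise() {
    printf '%s\n' "$1" |
        awk 'NF == 2 && $1 ~ /^[A-Za-z0-9@._-]+$/ && $2 ~ /^[A-Za-z0-9._-]+$/ { print $1, $2 }' |
        LC_ALL=C sort -u
}

# True when the exact pair "$2" appears as a whole line in list "$1".
has_pair() { printf '%s\n' "$1" | grep -Fxq -- "$2"; }

# $1 = desired pairs, $2 = current pairs.
plan_cloud_access() {
    desired=$(normalise "$1")
    current=$(normalise "$2")
    # Desired but not yet granted.
    printf '%s\n' "$desired" | while read -r user cloud; do
        [ -n "$user" ] || continue
        has_pair "$current" "$user $cloud" || echo "juju grant-cloud $user add-model $cloud"
    done
    # Granted but no longer desired.
    printf '%s\n' "$current" | while read -r user cloud; do
        [ -n "$user" ] || continue
        has_pair "$desired" "$user $cloud" || echo "juju revoke-cloud $user add-model $cloud"
    done
}

# Constructed sample data using the names from the post.
DESIRED="bob myk8scloud
alice myk8scloud"
CURRENT="bob myk8scloud
bob anotherk8scloud"

plan_cloud_access "$DESIRED" "$CURRENT"
```
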