Copilot AI commented Dec 11, 2025

Meshery requires specific kubeconfig permissions to connect to and manage Kubernetes clusters, but these requirements were undocumented. At minimum, read access to kube-system namespace is required for cluster identification.

Changes

New Infrastructure Management Guide

  • kubernetes-cluster-permissions.md: Comprehensive guide covering minimum and full management permissions, complete RBAC examples, permission levels for different use cases, security considerations, and troubleshooting guide
  • Location: Placed in guides/infrastructure-management/ as a grandchild under "Managing Connections" for better discoverability

Key Content Areas

  • Minimum permissions: Read access to kube-system namespace (Meshery uses the namespace UID as unique cluster identifier)
  • Full management permissions: Namespace management, Operator/MeshSync/Broker deployment, RBAC setup, resource discovery
  • Complete RBAC examples: ClusterRole, ServiceAccount, and kubeconfig generation
  • Permission levels: Read-only monitoring, standard management, namespace-scoped access
  • Troubleshooting: Common permission issues and resolution steps

Integration Points

  • Updated quick-start.md with permissions alert in cluster connection section
  • Updated kubernetes.md prerequisites to reference permissions documentation
  • Updated lifecycle-management.md with Kubernetes permissions notice
  • Added navigation entry in toc.yml under Infrastructure Management → Managing Connections

Technical Basis

Analysis of connection handling code confirmed:

  • server/models/k8s_context.go: Queries kube-system namespace UID for cluster identification
  • server/models/meshery_controllers.go: Deploys Operator to meshery namespace by default
  • MeshSync requires broad read access for cluster-wide resource discovery

```yaml
# Minimum required for cluster connection
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: meshery-minimum-access
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  resourceNames: ["kube-system"]
  verbs: ["get"]
```

Original prompt

This section details on the original issue you should resolve

<issue_title>[Docs] Add docs for specifying the permissions that the kubeconfig needs to connect to Meshery</issue_title>
<issue_description>### Current State

  • The kubeconfig needs at least access to the kube-system namespace to be able to be connected by Meshery.

Analyze the connection and state machine code to see what other access permissions are necessary.

Desired State

NOTE: If this issue involves adding a new page or moving the location of an existing page, please make sure the sidebar and homepage navigation are updated accordingly. As appropriate, update _data/toc.yml and pages/index.md.


Contributor Guides and Handbook

Comments on the Issue (you are @copilot in this section)

Custom agent used: Meshery Docs Contributor
Expert-level documentation agent specialized in contributing to Meshery's Jekyll-based documentation site with deep knowledge of technical writing, information architecture, and the Meshery ecosystem.
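
The minimum ClusterRole in the PR description above grants only `get` on the `kube-system` namespace object. As an added example (not part of the PR or of Meshery's code), this Python model of standard RBAC rule matching checks that a role allows that one request and none of a set of probe requests; the `WIDENED` role, the probe list, and all function names are constructed for illustration.

```python
from dataclasses import dataclass

# ClusterRole from the PR description, transcribed as a dict (no YAML parser needed).
MINIMUM = {"metadata": {"name": "meshery-minimum-access"}, "rules": [
    {"apiGroups": [""], "resources": ["namespaces"],
     "resourceNames": ["kube-system"], "verbs": ["get"]}]}

# Constructed for comparison: the same rule with resourceNames dropped and list added.
WIDENED = {"metadata": {"name": "example-widened"}, "rules": [
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]}]}

@dataclass(frozen=True)
class Request:
    verb: str
    resource: str
    name: str = ""       # empty for collection requests such as list
    api_group: str = ""  # "" is the core API group

def _matches(allowed, value):
    return "*" in allowed or value in allowed

def rule_allows(rule, req):
    """Simplified RBAC match: verb, API group, resource, then resourceNames."""
    if not (_matches(rule.get("verbs", []), req.verb)
            and _matches(rule.get("apiGroups", []), req.api_group)
            and _matches(rule.get("resources", []), req.resource)):
        return False
    names = rule.get("resourceNames", [])
    # No resourceNames means any object; otherwise the request must name a listed one.
    return not names or req.name in names

def role_allows(role, req):
    return any(rule_allows(rule, req) for rule in role.get("rules", []))

# What cluster identification needs, per the PR: read the kube-system namespace object.
REQUIRED = [Request("get", "namespaces", "kube-system")]
# Constructed probes that a minimum-access credential should not satisfy.
PROBES = [Request("get", "namespaces", "default"), Request("list", "namespaces"),
          Request("delete", "namespaces", "kube-system"),
          Request("get", "secrets", "example-secret")]

def audit(role):
    """Return (missing, excessive): required requests denied, probes allowed."""
    missing = [r for r in REQUIRED if not role_allows(role, r)]
    excessive = [r for r in PROBES if role_allows(role, r)]
    return missing, excessive

if __name__ == "__main__":
    for role in (MINIMUM, WIDENED):
        missing, excessive = audit(role)
        print(role["metadata"]["name"], "missing:", missing, "excessive:", excessive)
```

This models a single role; a subject's effective access in a cluster is the union of every role bound to it, which `kubectl auth can-i get namespace/kube-system` checks against the live API server.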



Co-authored-by: aabidsofi19 <65964225+aabidsofi19@users.noreply.github.com>
Copilot AI changed the title [WIP] Add documentation for kubeconfig permissions in meshery [Docs] Add Kubernetes cluster permissions reference Dec 11, 2025
Copilot AI requested a review from aabidsofi19 December 11, 2025 19:41
@leecalcote leecalcote marked this pull request as ready for review December 11, 2025 23:08
@github-actions github-actions bot added the area/docs Documentation update needed label Dec 11, 2025
github-actions bot commented Dec 11, 2025

---
layout: default
title: Kubernetes Cluster Permissions
permalink: reference/kubernetes-cluster-permissions
Member

@copilot find an alternate location in Meshery Docs outside of the reference section for this information.

Contributor Author

Moved the documentation to guides/infrastructure-management/kubernetes-cluster-permissions.md and placed it under the "Managing Connections" section in the Infrastructure Management guides. This location is more appropriate as it's directly related to connecting and managing Kubernetes clusters. All internal references have been updated. (19b53b5)

…nt guides

Co-authored-by: leecalcote <7570704+leecalcote@users.noreply.github.com>
Copilot AI changed the title [Docs] Add Kubernetes cluster permissions reference [Docs] Add Kubernetes cluster permissions guide Dec 11, 2025
Copilot AI requested a review from leecalcote December 11, 2025 23:43
Member

l5io commented Dec 17, 2025

Development

Successfully merging this pull request may close these issues.

[Docs] Add docs for specifying the permissions that the kubeconfig needs to connect to Meshery
