Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:Kubeflow Pipelines View Edit Cluster Roles

From Leeroopedia
Knowledge Sources
Domains Multi_Tenancy, RBAC, Kubernetes
Last Updated 2026-02-13 14:00 GMT

Overview

Aggregated ClusterRoles defining KFP-specific view and edit permissions that integrate with Kubeflow's RBAC aggregation system for multi-user access control.

Description

This manifest (142 lines) creates four ClusterRoles implementing Kubeflow's RBAC aggregation pattern: (1) kubeflow-pipelines-edit aggregates into `kubeflow-edit`; (2) kubeflow-pipelines-view aggregates into both pipelines-edit and `kubeflow-view`; (3) aggregate-to-kubeflow-pipelines-edit grants create/delete/update on pipelines, experiments, runs, jobs, plus full access to Argo workflow resources; (4) aggregate-to-kubeflow-pipelines-view grants read access to pipelines, experiments, runs, jobs, viewers, and visualizations.

Usage

Applied during multi-user KFP deployment. These roles are automatically bound to users through Kubeflow's profile system, providing editors write access and viewers read-only access.

Code Reference

Source Location

Signature

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubeflow-pipelines-edit
  labels:
    rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true"
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipelines-edit: "true"
---
# kubeflow-pipelines-view, aggregate-to-kubeflow-pipelines-edit,
# aggregate-to-kubeflow-pipelines-view follow similar pattern

Import

kubectl apply -f view-edit-cluster-roles.yaml

I/O Contract

Inputs

Name Type Required Description
Kubernetes cluster cluster Yes Cluster with RBAC enabled

Outputs

Name Type Description
Edit ClusterRole RBAC Write access to KFP and Argo resources
View ClusterRole RBAC Read-only access to KFP resources

Usage Examples

Checking User Permissions

# Verify ClusterRoles are created
kubectl get clusterroles | grep kubeflow-pipelines

# Check what permissions edit role grants
kubectl describe clusterrole aggregate-to-kubeflow-pipelines-edit

# Test user access
kubectl auth can-i create pipelines --as=user@example.com -n user-namespace

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:Kubeflow_Pipelines_View_Edit_Cluster_Roles&oldid=8215"