Connecting to multiple k8s clusters as targets via Boundary

Hi All,

I am very new to HashiCorp Boundary; I just started with it. It looks very interesting. I was able to set up Boundary in k8s and access one of the pods via the Boundary controller, and I also integrated it with OIDC, which is fine. However, now I am trying to achieve the requirements below. Is it possible? If so, how?

  • Using k8s clusters as my targets (under hostsets → hosts).
  • Grouping these clusters based on cloud provider & environment. For example, all the AWS EKS dev clusters & OKE dev clusters should be created under one group. I believe this is possible by grouping clusters using hostsets (Dev hostset, Acceptance hostset, etc.). Correct me if I am wrong.
  • Restricting the end users to specific clusters, for example: “dev admins” should have access only to “Dev clusters”.
  • Is it possible to leverage the existing role/rolebinding k8s RBAC functionality here?

What are you trying to restrict – who can administer the clusters using kubectl, who can access apps running in the cluster, or something else?

I think the most effective thing is going to be to have one or more targets that use the appropriate host set(s) for the target clusters and then restrict who is authorized to connect to those targets. There’s generally no need for end users to have any permissions at all on host sets as far as I know. (You might want them to be able to read host sets/hosts just so they can use the -host option when connecting to a target via the CLI.)
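The layout suggested in the reply above, sketched as an added example that is not part of the thread: one host set per environment, one target over it, and a role that lets only the "dev admins" group authorize sessions on that target. It assumes the Terraform Boundary provider and a recent Boundary release (for the `ids=` grant syntax); every name, address, variable and the `/token/groups` claim path is a constructed placeholder.

```hcl
# Assumed inputs: an existing project scope and the OIDC auth method already set up.
variable "project_scope_id" { type = string }
variable "oidc_auth_method_id" { type = string }

resource "boundary_host_catalog_static" "k8s" {
  name     = "k8s-api-servers"
  scope_id = var.project_scope_id
}

# One host per cluster API endpoint (addresses are placeholders).
resource "boundary_host_static" "eks_dev" {
  name            = "eks-dev-api"
  address         = "eks-dev.example.internal"
  host_catalog_id = boundary_host_catalog_static.k8s.id
}

resource "boundary_host_static" "oke_dev" {
  name            = "oke-dev-api"
  address         = "oke-dev.example.internal"
  host_catalog_id = boundary_host_catalog_static.k8s.id
}

# "Dev" grouping across cloud providers.
resource "boundary_host_set_static" "dev" {
  name            = "dev-clusters"
  host_catalog_id = boundary_host_catalog_static.k8s.id
  host_ids        = [boundary_host_static.eks_dev.id, boundary_host_static.oke_dev.id]
}

# Boundary picks a host from the set unless one is named at connect time.
resource "boundary_target" "dev_k8s" {
  name            = "dev-k8s-api"
  type            = "tcp"
  scope_id        = var.project_scope_id
  default_port    = 443
  host_source_ids = [boundary_host_set_static.dev.id]
}

# Maps an IdP group claim to a Boundary managed group (claim path is an assumption).
resource "boundary_managed_group" "dev_admins" {
  name           = "dev-admins"
  auth_method_id = var.oidc_auth_method_id
  filter         = "\"dev-admins\" in \"/token/groups\""
}

# Only this group may open sessions to the dev target; no host-set grants are given.
resource "boundary_role" "dev_connect" {
  name          = "dev-k8s-connect"
  scope_id      = var.project_scope_id
  principal_ids = [boundary_managed_group.dev_admins.id]
  grant_strings = ["ids=${boundary_target.dev_k8s.id};actions=read,authorize-session"]
}
```

An "Acceptance" environment would repeat the host set, target, managed group and role with its own IDs, so a user in only the dev group never receives a grant on the acceptance target.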