Prism Central (PC) administrators with the "Prism Admin '' role have full access to Karbon and its functionalities. Performing most karbonctl operations requires admin privileges. PC admins that do not have the "Prism Admin '' role (Cluster Admin and Viewer) can only access Karbon to download the kubeconfig and cannot perform any other administrative tasks. See "User Management" in the Prism Web Console Guide for steps on assigning roles.

Nutanix requires configuring Karbon users for a directory service in Prism. See Security Management in the Prism Web Console Guide for directions on configuring a directory service.

After setting up and testing your cluster, configure role-based access control (RBAC), see Kubernetes documentation for reference.

Accessing Locked nodes

Karbon protects all nodes in a cluster. You can access nodes in a Kubernetes cluster using an ephemeral certificate, which expires after 24-hours. Perform the following steps to get a certificate.

Procedure

1. In the Clusters view, select the target cluster.

2. Click the SSH Access button.

3. In the Node SSH Access window, click Download to download and save the SSH access script to your client.

4. Run the following command. sh <cluster_name>-ssh-access.sh.

5. When prompted, enter the IP of any node in the cluster to get access to all nodes. Karbon grants the user a private key.

6. Log on to the target node as a Nutanix user using the command line.