Skip to main content
Version: v4.3

Create teams in the platform

Teams in the platform provide a way to organize users and manage permissions collectively. Instead of assigning permissions to individual users, you can create teams, add users to these teams, and then assign permissions to the entire team. This approach streamlines access management and creates a more scalable permission structure.

Create a team​

Teams provide the foundation for a scalable permission model in vCluster platform, allowing you to manage access for groups of users efficiently.

  1. Select the Users field on the left menu bar.

  2. Click the Teams button on the User Management screen.

  3. Click the button.

  4. In the drawer that appears from the right, give your new team a name by replacing the 'my-team' placeholder name, or by updating the manifest YAML 'metadata.name' field.

  5. [Optional] Update the team with any additional desired configuration options.

    1. The Team Members tab contains settings that govern which users or groups are members of this team. The Users as Members selector allows you to include individual users directly into the team, while the SSO Groups as Members allows you to include users whose standard kubernetes groups (clusterroles) match the provided values set here.

    2. Advanced Options allow for configuring cluster roles that apply to this team, as well as Image Pull Secrets, that allow users in this team to automatically receive the provided image pull secrets upon logging into vCluster Platform (via the vCluster CLI).

    3. Access allows you to define which users and teams have access to modify the team you are currently creating.

  6. Click on the button.

Team configuration options​

When creating a team, you can configure several important settings:

Team membership​

The Team Members tab controls which users belong to your team:

  • Users as Members: Add individual users directly to the team.
  • SSO Groups as Members: Include users based on their standard Kubernetes groups (ClusterRoles). Users whose group memberships match the values you set here, automatically become members of this team.

This dual approach allows for both manual user assignment and automatic, identity-based team membership through your SSO provider.

Advanced options​

The Advanced Options section lets you configure:

  • Cluster Roles: Define which Kubernetes cluster roles apply to all members of this team.
  • Image Pull Secrets: Configure registry credentials that team members automatically receive upon logging into vCluster Platform through the vCluster CLI.

Image pull secrets are particularly valuable for teams working with private container registries, as they eliminate the need to manually configure registry access for each user.

Access controls​

The Access section determines who can modify the team you're creating:

  • Specify which users and other teams have permission to edit this team's settings, add or remove members, or delete the team.
  • These controls implement a permission model for managing the team itself.

Integration​

Teams in the platform integrate directly with Kubernetes Role-Based Access Control (RBAC) system. When you create a team:

  1. The platform creates corresponding RBAC objects in the underlying Kubernetes cluster.
  2. Any cluster roles assigned to the team automatically apply to all team members.
  3. Team memberships propagate to all virtual clusters managed by the platform.

This integration means that teams defined in vCluster platform affect permissions across all managed environments while maintaining Kubernetes-native security controls.

  • Project teams: Create teams that align with your organizational projects to give all team members appropriate access to relevant resources.
  • Role-based teams: Form teams based on roles (developers, operators, administrators) to standardize permissions across your organization.
  • Cross-functional teams: Create teams that span traditional organizational boundaries to support DevOps and platform engineering approaches.