Dashboard
Introduction
Accounts for the Traefik Hub Dashboard are separated accounts and not connected to API user or API consumer credentials.
The API Manager uses the Traefik Hub Dashboard to administrate workspaces, APIs, user and group management:
- Add, edit, and remove Traefik Hub Gateways.
- Configure IdP.
- Set member roles.
Workspace Roles
Workspace roles are predefined according to varying access needs. You can manage member's roles in your workspace.
Workspace roles:
- Viewer: Can view all resources in a workspace
- Editor: In addition to the Viewer permissions, an Editor can manage resources. Editors can adjust, add and delete resources in a workspace
- Admin: In addition to the Editor role, an Admin can manage members of a workspace. You can have multiple Admins for a workspace
Permissions Overview
| Permission | Viewer | Editor | Admin |
|---|---|---|---|
| Read resources | ✅ | ✅ | ✅ |
| Edit resources | ✅ | ✅ | |
| Manage workspace | ✅ |
Admins and Editors can only edit and delete a resource if it was created on the Online Dashboard rather than via a GitOps tool. See here for more information.
Account Management
If you want to change the role of a member, for example from Admin to Editor, select the three dots next to the member name and choose
Change role.
Choose the Editor role from the drop-down and select Save.
Now the new role is applied to the workspace member.
Resource Ownership & Editability
Traefik Hub distinguishes between resources (such as an API, a version, a collection, etc.) created through the Online Dashboard and those managed externally at the cluster level (GitOps). This design helps prevent users from accidentally modifying resources that are not intended to be managed from the dashboard or lose their UI-based changes with the next GitOps reconciliation in the cluster.
Read-Only Resources
- Resources created via a GitOps tool appear as read-only in the Online Dashboard.
- If a resource is created via the Online Dashboard and later edited using a GitOps tool at the cluster level, it automatically becomes read-only on the dashboard.
- Read-only resources (or those created externally) are marked with a Kubernetes logo.
Editable Resources
- Resources created directly through the Online Dashboard are editable (read and write) from both the dashboard and the GitOps tool.
- These resources are marked with a monitor-like logo to indicate how it is managed.
- At the cluster level, describing your Traefik Hub CRDs reveal the label
app.kubernetes.io/managed-by=traefik-hub. This indicates that the resource was created via the Traefik Hub Online Dashboard and is managed through it. If the value of the label is changed or the label is removed, the resource becomes read-only via the Online Dashboard.
