I'm looking to deploy a Proxmox cluster in an environment where we would want to give every user and group/project their own mini-environment.
For both compute and storage, this has been relatively easy as RBAC support for those resource types is mature; however, I've been struggling to work out how to get things working for SDN.
While I am able to create an SDN Zone for each user/group, and then create a VNet within each zone with delegated permissions, I've not been able to find a way to delegate control of the entire zone. Ideally this would be done in such a way that users would not be able to change the zone configuration entirely (as it would be desirable to have any cluster networking only managed by admins), but only such that they can create as many VNets as they need within their delegated zone.
Am I just missing an option, or is this sort of setup not possible in Proxmox currently? It would definitely be a deal breaker, as having only one VNet per person/project creates problems security/isolation-wise, and making admins manage VNets would cause too much work.