Hi,
I am looking for a way, to allow a group read-only permissions on all Clusters for all resources without having to add them to all clusters individually. I managed to create a global role where all clusters are visible, but no resource inside the cluster can be retrieved
I am using terraform to provision the role:
resource "rancher2_global_role" "cluster-readonly" {
name = "Cluster Reader"
rules {
api_groups = ["*"]
resources = ["*"]
verbs = ["get","list","watch"]
}
rules {
verbs = ["get","list","watch"]
non_resource_urls = [ "*" ]
}
}