Global read-only Role

Andreas_Kappel · July 21, 2023, 6:31am

Hi,

I am looking for a way, to allow a group read-only permissions on all Clusters for all resources without having to add them to all clusters individually. I managed to create a global role where all clusters are visible, but no resource inside the cluster can be retrieved

I am using terraform to provision the role:

resource "rancher2_global_role" "cluster-readonly" {
  name = "Cluster Reader"
  rules {
    api_groups = ["*"]
    resources = ["*"]
    verbs = ["get","list","watch"]
  }
  rules {
    verbs = ["get","list","watch"]
    non_resource_urls = [ "*" ]
  }
}

Topic		Replies	Views
Custom read-only role Rancher 2.x	1	1064	September 2, 2021
How to give cluster access permissions based on cluster groups? Rancher 2.x	3	205	December 13, 2023
How to limit a user to view a set of clusters instead of ALL? Rancher 2.x	0	275	September 27, 2021
Advanced View Workloads Role Rancher 2.x	4	1486	May 24, 2023
Manage clusters with rancher without cluster-role? Rancher 2.x	1	305	July 4, 2022

Global read-only Role

Related Topics