I am trying to provide a reasonable level of access to our Developers that includes the ability to View all status and logs, execute shell and scale up/down their Deployments but not to edit the deployment itself, as we are generating templated Deployments and exposing them with Istio.
Running Rancher 2.1.8 as a Docker container.
I have dug pretty deep into the Kubernetes ClusterRoles within the Rancher container and created a custom one named “developer” but it is not showing up as a Rancher Role that can be inherited.
Kubernetes View, Read-Only, Edit and Admin are showing up but not the Developer role that I have created.
How would I map this custom Kubernetes ClusterRole to a Rancher Project Role?
I have noticed that in a Rancher Project Role you can add in specific Kubernetes ClusterRole settings such as “pods/exec” and “deployments/scale”. The “pods/exec” seems to be working correctly, however the “deployments/scale” does not seem to work.
I assigned a user to a Project with the Rancher Project Role, logged out, logged in as that user and attempted to scale down a Deployment and was Denied with the error message:
"Error updating scale deployments.apps “rm-dev-nso-cfs-deployment” is forbidden: User “u-3anxqzucwx” cannot update resource “deployments” in API group “apps” in the namespace “rm-dev”"
Does the Kubernetes role deployments/scaling require update access to the deployments role also?
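
Added example, not part of the original post and not Kubernetes or Rancher code: a simplified model of how Kubernetes RBAC matches a request against rule entries, showing that "deployments/scale" and "deployments" are authorized as separate targets, which is why the error above names resource "deployments". The rule set `DEVELOPER_RULES` and all function names are constructed for illustration and are not the poster's actual role.

```python
# Simplified model of Kubernetes RBAC rule matching (illustrative only).
# DEVELOPER_RULES is a constructed rule set shaped like the role the post
# describes: read access, pods/exec, and the deployments/scale subresource.
DEVELOPER_RULES = [
    {"apiGroups": ["", "apps"], "resources": ["pods", "pods/log", "deployments"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    {"apiGroups": ["apps"], "resources": ["deployments/scale"],
     "verbs": ["get", "update", "patch"]},
]


def _matches(allowed_values, value):
    """A rule list matches on the wildcard or on an exact entry."""
    return "*" in allowed_values or value in allowed_values


def resource_matches(rule_resources, resource, subresource=""):
    """RBAC compares the combined 'resource/subresource' string to the rule."""
    combined = f"{resource}/{subresource}" if subresource else resource
    if _matches(rule_resources, combined):
        return True
    # An entry such as "*/scale" matches that subresource on any resource.
    return bool(subresource) and f"*/{subresource}" in rule_resources


def allowed(rules, verb, api_group, resource, subresource=""):
    """True if any single rule matches verb, API group and resource together."""
    return any(
        _matches(r["verbs"], verb)
        and _matches(r["apiGroups"], api_group)
        and resource_matches(r["resources"], resource, subresource)
        for r in rules
    )


def explain(rules, verb, api_group, resource, subresource=""):
    target = f"{resource}/{subresource}" if subresource else resource
    ok = allowed(rules, verb, api_group, resource, subresource)
    return f'{verb} "{target}" in API group "{api_group}": {"allowed" if ok else "forbidden"}'


if __name__ == "__main__":
    # Scaling through the scale subresource, as `kubectl scale` does.
    print(explain(DEVELOPER_RULES, "update", "apps", "deployments", "scale"))
    # Changing spec.replicas by updating the Deployment object itself.
    print(explain(DEVELOPER_RULES, "update", "apps", "deployments"))
    print(explain(DEVELOPER_RULES, "create", "", "pods", "exec"))
```

A client that writes the whole Deployment object to change the replica count is checked against "deployments", so granting only "deployments/scale" does not cover it.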