Rancher 2.2.1 GlobalRole changes

Hi all,

I have been using a Rancher 2.1.x install and created a custom GlobalRole so that the default user could not create a cluster

The Kubernetes yaml that I used is below and was working in Rancher 2.1 but is not working in a new Kubernetes 1.12.7 cluster with Rancher in a Docker container managing it


apiVersion: management.cattle.io/v3
description: "Default User No Cluster Create"
displayName: Custom User
kind: GlobalRole
metadata:
  labels:
    authz.management.cattle.io/bootstrapping: default-globalrole
    cattle.io/creator: norman
  name: custom-user
newUserDefault: true
rules:
- apiGroups:
  - management.cattle.io
  resources:
  - principals
  - roletemplates
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - management.cattle.io
  resources:
  - preferences
  verbs:
  - get
  - list
- apiGroups:
  - management.cattle.io
  resources:
  - settings
  verbs:
  - get
  - list
- apiGroups:
  - management.cattle.io
  resources:
  - templates
  - templateversions
  verbs:
  - get
  - list
- apiGroups:
  - management.cattle.io
  resources:
  - principals
  - roletemplates
  verbs:
  - get
  - list

When i run the kubectl apply command, i get the following response

admin@kubmaster01:~$ kubectl apply -f  rancher-default-user.yaml
error: unable to recognize "rancher-default-user.yaml": no matches for kind "GlobalRole" in version "management.cattle.io/v3"
admin@kubmaster01:~$

One main difference is that I used to run Rancher 2.1 within the Kubernetes cluster, and now run Rancher 2.2 in a separate Docker container

How can I create a GlobalRole so that the new users can not create a Rancher Cluster?
This is for Rancher 2.2.x