Hi all,
I have been using a Rancher 2.1.x install and created a custom GlobalRole so that the default user could not create a cluster
The Kubernetes yaml that I used is below and was working in Rancher 2.1 but is not working in a new Kubernetes 1.12.7 cluster with Rancher in a Docker container managing it
apiVersion: management.cattle.io/v3
description: "Default User No Cluster Create"
displayName: Custom User
kind: GlobalRole
metadata:
labels:
authz.management.cattle.io/bootstrapping: default-globalrole
cattle.io/creator: norman
name: custom-user
newUserDefault: true
rules:
- apiGroups:
- management.cattle.io
resources:
- principals
- roletemplates
verbs:
- get
- list
- watch
- apiGroups:
- management.cattle.io
resources:
- preferences
verbs:
- get
- list
- apiGroups:
- management.cattle.io
resources:
- settings
verbs:
- get
- list
- apiGroups:
- management.cattle.io
resources:
- templates
- templateversions
verbs:
- get
- list
- apiGroups:
- management.cattle.io
resources:
- principals
- roletemplates
verbs:
- get
- list
When i run the kubectl apply command, i get the following response
admin@kubmaster01:~$ kubectl apply -f rancher-default-user.yaml
error: unable to recognize "rancher-default-user.yaml": no matches for kind "GlobalRole" in version "management.cattle.io/v3"
admin@kubmaster01:~$
One main difference is that I used to run Rancher 2.1 within the Kubernetes cluster, and now run Rancher 2.2 in a separate Docker container
How can I create a GlobalRole so that the new users can not create a Rancher Cluster?
This is for Rancher 2.2.x