Rancher/Kubernetes role to redeploy/scale deployments but not edit config?

Hi All,

Are there any kubernetes or rancher role privileges that might allow a user to scale up/down or redeploy a Deployment, but not allow them to edit the configuration (volumes, ports etc)?

Currently the users in the Rancher projects are inheriting the Kuberentes View role which does not allow scaling or editing, but the Kubernetes Edit role allows scaling but also Editing. Is there something that would allow just the Scaling privilege but not the Editing?
Or are they inherently linked?

Why? Our developers are not very well versed in Kubernetes and I am providing some templated Deployment configs for specific applications which will break if their ports/volumes etc are changed

I have been looking at this page


under the “Creating custom roles” section

Thanks in advance!

Not directly, no. There is no field-level RBAC in kubernetes, so a user can either update the entire definition of a resource or none of it.

You could construct something with the API that only allows the kinds of changes you want to making. Or if you just want to make it inconvenient (but not actually prevented by the API) you could fork the UI and just remove the edit action…

(We can’t really add that sort of thing and really enforce it without breaking the ability to use native kubectl pointed directly at the cluster.)

Thanks for the quick reply Vincent, much appreciated