How to create a custom Project RBAC role to grant log access and exec permission on Pods, in a Rancher v2.x managed cluster
This document (000020073) is provided subject to the disclaimer at the end of this document.
Situation
Task
This article details how to create a custom Project RBAC role to grant log access and exec permission on Pods, in a Rancher v2.x managed Kubernetes cluster.
Pre-requisites
- A Rancher v2.x managed Kubernetes cluster
Resolution
In Rancher v2.x you can create a custom Project Role that provides the permissions to enable a user to view Pods, Pod logs and to exec into Pods. You can then grant this role to users on Projects to provide them this access where necessary.
-
Navigate to Security -> Roles from the Global namespace.
-
From the Projects tab, select Add Project Role.
-
Provide a name for the role.
-
Under Grant Resources, select Add Resource and fill in the information for each of the following:
Permission(s) Resource Create pods/exec Get, List pods Get, List pods/log -
Select Create at the bottom.
Further reading
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020073
- Creation Date: 06-May-2021
- Modified Date:06-May-2021
-
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com