https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# general
a
This message was deleted.
q
Yes you place users with specific roles from global, cluster, project level permissions. Just go under "users & authentication" There you create and assign roles and permissions.
l
i am running cluster autoscaler with rancher provider. This autoscaler needs token to access rancher apis such as updating specific cluster to scale up/down. I want to limit this token to specific cluster alone. Note: scoped token does not work as per the following: https://github.com/rancher/rancher/issues/29943
cluster role will not help here as i must provide global privileges to the user to send api calls to rancher for scaling up and scaling down a cluster. But if i set global verbs e.g. list, update, etc, it will be applicable to all clusters ..
q
Hmm.... Perhaps you can create a local user and specify the role specific parameters. then create a new API token based on the local user.
l
I did that; since it is global role, it will be applicable to all clusters.
is there a way to limit global role permissions to specific clusters only?
q
But I believe you are to scope the api token during the creation process.
l
scoped api token does not work with rancher apis or rancher cli ...
so scoped api token does not work with autoscaler at all ..
q
what version of rancher are you running...
l
2.6.11
q
Interesting.... I'll look into it.
l
thanks
are you from rancher team or community member ?
q
Community member but I've be Admin / Engineer using Rancher since it infancy .. I'm an early adopter. I have terraform running on my work cluster I don't have it running in my home cluster..
l
great ... looking forward to hear from you if you find any solution 🙂
q
no problem
l
@quaint-oyster-88347 did you get a chance to look at it.
9 Views
Open in Slack
PreviousNext
Powered by