This message was deleted.

do you mean that you would like to disable the project feature?

the ability to delete the default projects created by Rancher and create new ones instead (while leaving the project feature itself enabled)? It's worth noting that deleting the default "System" project may not be possible.

Why would you want to delete the

System

project? It’s done specifically to avoid to remove Rancher related parts

Sorry, may be it's not clear enough I would like to delete a no system project, like "default" project.

I can understand about have no projects and start from scratch, but what would be the benefit of creating one anyway afterwards?

To achieve my goal, I would like to manage the role-based access control for both system and non-system namespaces, such as kube-system. This will help me to have better control over access to Kubernetes resources and manage user permissions more effectively.

You mean after the installation, no? Because otherwise it would mean to set both projects and users at the same time or I’m missing something 😅 To have projects configured as you described is pretty much what the feature is for. Do you maybe mean that some system namespaces are not in a project?

@brainy-printer-12087 Sorry, if it was not clear enough. It seems that two projects, "system" and "default", have already been created to hold the kube-system namespace and others. However, my goal is to create a new project that will hold all of the namespaces required to run my workload. My question is this: is it possible to create a new project during the Rancher installation process and then assign specific roles and permissions to users for that project ? or may be during the installaion of a downstream cluster ? I am using helm chart to install rancher and others downstream clusters.

I think you are talking about this section https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces#about-projects

Yes

No, however the mapping of NS to project is handled via an annotation on the namespace

Understood, so it seems that the most viable option now is to utilize the Rancher API.

What do you mean by “Activating”? For the admin as initial user? If I recall correctly in the documentation the first user should be

admin

then we even recommend the use of external identity providers

After making a call to the Rancher API to enable Azure AD using the following curl command, I can see that Azure AD is activated in the dashboard. However, no user groups are being pulled down into the Rancher cluster.

curl -s -k -H "Authorization: Bearer ${TOKEN}" \
     -H 'Content-Type: application/json' \
     -X PUT -d '{"name": "azuread", "enabled": true, "type": "azureADConfig", "tenantId": "xxxxxxxxxxxxxxxxxxxxxxx", "applicationId": "xxxxxxxxxxxxxxxxxxxx", "applicationSecret": "xxxxxxxxxxxxxxxxxxxxx", "endpoint": "<https://login.microsoftonline.com/>", "accessMode": "unrestricted", "tokenEndpoint": "<https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token>","graphEndpoint": "<https://graph.microsoft.com>", "authEndpoint": "<https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize>", "rancherUrl": "<https://rancher.example.net/verify-auth-azure>"}' \
	 "<https://rancher.example.net/v3/azureADConfigs/azuread>"