This message was deleted Rancher Users #general

Join Slack

This message was deleted.

# general

adamant-kite-43734

10/05/2023, 8:35 AM

This message was deleted.

faint-policeman-5206

10/05/2023, 8:47 AM

Multiple Rancher instances is the one option...

eager-byte-23295

10/05/2023, 9:05 AM

Even so, when we add a new cluster we need to specify permissions for it

faint-policeman-5206

10/05/2023, 9:09 AM

You can give global (instance-wide) permissions...

many-nail-29864

10/05/2023, 10:37 AM

Or add them by code, same as adding cluster

eager-byte-23295

10/05/2023, 12:14 PM

We add them already via Terraform But the permissions is currently a static list of user group (we have SSO with Azure) to roles on each cluster If we could say for example that all the users in group

developers

will have read write access to dev clusters And all the users in group

qa

will have access to staging clusters, that would be great. I am not sure how to group the clusters and provide the permissions

many-nail-29864

10/05/2023, 12:17 PM

If you created the cluster from a variable in terraform you maybe could have some kind of metadata there

eager-byte-23295

10/05/2023, 12:42 PM

The thing is that the clusters are created in a totally separate TF plan than where I'm defining the permissions

many-nail-29864

10/05/2023, 12:43 PM

Could you it by some naming standard and figure it out that way?

many-nail-29864

10/05/2023, 1:06 PM

When I do terraform stuff I usually use terragrunt to describe the different environments, then it's easy to add that kind of metadata

5 Views

Open in Slack

Previous Next