This message was deleted Rancher Users #general

Join Slack

This message was deleted.

# general

adamant-kite-43734

03/29/2024, 3:17 AM

This message was deleted.

clever-mouse-42560

03/29/2024, 10:34 AM

Hi, I think it's not possible; you can specify crds by editing the YAML file manually.

clever-mouse-42560

03/29/2024, 10:35 AM

Just create your new

role

and then click on side menu -> edit YAML

silly-jelly-27487

03/29/2024, 1:39 PM

thanks for the reply! i did it with terraform (resource rancher2_global_role), so i define the rules as:

Copy code

rules {
    api_groups = ["*"]
    resources = ["customresourcedefinitions"]
    verbs = ["get", "list", "watch"]
  }

  rules {
    api_groups = ["*"]
    resources = ["customresourcedefinitions"]
    resource_names = ["<http://agents.agent.k8s.elastic.co|agents.agent.k8s.elastic.co>"]
    verbs = ["create", "delete"]
  }

I might doing it wrong , but what i want to achieve is to allow list/get/watch all CRDs, but be able to install only the CRD with name agents.agent.k8s.elastic.co

silly-jelly-27487

03/29/2024, 1:39 PM

this dind’t work for me

clever-mouse-42560

04/02/2024, 1:27 PM

I think in your case, the correct YAML would be something like this in Rancher:

Copy code

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: test-role-creation
rules:
  - apiGroups:
      - agent.k8s.elastic.co/v1alpha1
    resources:
      - agent
    verbs:
      - create
      - get
      ...

Not sure how to define the same using Terraform. https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-api-agent-k8s-elastic-co-v1alpha1.html

Open in Slack

Previous Next