This message was deleted.
# harvester
a
This message was deleted.
g
the vm network is represented by
networkattachementdefinition
crd
creating a custom role which provides access to other resources and only read only access to this crd should do the trick
a
I got this working in Terraform with:
Copy code
rules {
    api_groups = ["<http://k8s.cni.cncf.io|k8s.cni.cncf.io>"]
    resources  = ["network-attachment-definitions"]
    verbs      = ["get", "list", "watch"]
  }
The
Create
button is still shown in the UI and it is possible to click through to
VM Network: Create
. However, when trying to create a Network, the POST fails. So from an RBAC perspective, this works. Ideally, the
Create
button would not be shown to the user with this role.