What are the "-promoted" Cluster Roles in Rancher?

Follow
Table of Contents

Question

When I query for Cluster Roles via kubectl, I see some entries with "-promoted" appended to them. What are these and why is Rancher creating them?

Pre-requisites

  • Rancher server with RKE clusters added
  • Users added to a Project

Answer

The ClusterRole with "-promoted" at the end, is created if the Project role given to a Project member contains any of these resources: storageClass, persistentVolumes, and apiServices.

These resources are not scoped to a namespace. They do not belong to any Project but the entire Cluster. That is why Rancher creates an additional ClusterRole.

Further Reading

  • https://rancher.com/docs/rancher/v2.x/en/admin-settings/rbac/
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.