Skip to content

How to create a custom Project RBAC role to grant log access and exec permission on Pods, in a Rancher v2.x managed cluster

Article Number: 000020073

Environment

  • A Rancher v2.6+ managed Kubernetes cluster

Situation

This article details how to create a custom Project RBAC role to grant log access and exec permission on Pods, in a Rancher v2.x managed Kubernetes cluster.

Resolution

In Rancher v2.x you can create a custom Project Role that provides the permissions to enable a user to view Pods, Pod logs and to exec into Pods. You can then grant this role to users on Projects to provide them this access where necessary.

  1. Navigate to Users & Authentication > Role Templates.
  2. Click on the Project/Namespaces tab.
  3. Click Create Project/Namespaces Role.
  4. Provide a Name for the role.
  5. Under Grant Resources, select Add Resource and fill in the information for each of the following:

VerbsResourceGet, Createpods/execGet, ListpodsGet, Listpods/log 6. Click Create at the bottom.