Skip to content

What are the "-promoted" Cluster Roles in Rancher?

Article Number: 000020097

Environment

  • Rancher server with RKE clusters added
  • Users added to a Project

Situation

When I query for Cluster Roles via kubectl, I see some entries with "-promoted" appended to them. What are these and why is Rancher creating them?

Resolution

The ClusterRole with "-promoted" at the end, is created if the Project role given to a Project member contains any of these resources: storageClass, persistentVolumes, and apiServices.

These resources are not scoped to a namespace. They do not belong to any Project but the entire Cluster. That is why Rancher creates an additional ClusterRole.