Skip to content

What are the "-promoted" Cluster Roles in Rancher?

This document (000020097) is provided subject to the disclaimer at the end of this document.

Environment

  • Rancher server with RKE clusters added
  • Users added to a Project

Situation

When I query for Cluster Roles via kubectl, I see some entries with "-promoted" appended to them. What are these and why is Rancher creating them?

Resolution

The ClusterRole with "-promoted" at the end, is created if the Project role given to a Project member contains any of these resources: storageClass, persistentVolumes, and apiServices.

These resources are not scoped to a namespace. They do not belong to any Project but the entire Cluster. That is why Rancher creates an additional ClusterRole.

Additional Information

Managing Role-Based Access Control (RBAC)

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.