What permissions are required to grant access to manage Cluster Logging in Rancher v2.x
This document (000020106) is provided subject to the disclaimer at the end of this document.
Situation
Question
By default, only Global Admins or Cluster Owners have access to configure and manage Cluster Logging in a Rancher v2.x managed cluster. This article details the permissions required to grant this access to other users.
Pre-requisites
- A Kubernetes cluster managed by Rancher v2.x
Answer
Cluster Logging configuration is managed by the ClusterLoggings Custom Resource in the management.cattle.io API Group. In order to create a role that grants permission to manage the logging configuration for a cluster, you should therefore grant all verbs on the CluserLoggings Resource in the management.cattle.io API group.
You can define a custom Cluster Role via the Rancher UI, by navigating to the Global view, and selecting Security -> Roles -> Cluster, creating a custom role with these permissions. Granting this custom role on a cluster to a user or group will then provide access to manage the Cluster Logging configuration for that cluster.
Further Reading
- Rancher v2.x Cluster Logging Documentation
- Rancher v2.x Role-Based Access Control (RBAC) Documentation
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.