SUSE Support

Here When You Need Us

What are the "-promoted" Cluster Roles in Rancher?

This document (000020097) is provided subject to the disclaimer at the end of this document.

Environment

  • Rancher server with RKE clusters added
  • Users added to a Project

Situation

When I query for Cluster Roles via kubectl, I see some entries with "-promoted" appended to them. What are these and why is Rancher creating them?

Resolution

The ClusterRole with "-promoted" at the end, is created if the Project role given to a Project member contains any of these resources: storageClass, persistentVolumes, and apiServices.

These resources are not scoped to a namespace. They do not belong to any Project but the entire Cluster. That is why Rancher creates an additional ClusterRole.

Additional Information

Managing Role-Based Access Control (RBAC)

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020097
  • Creation Date: 06-May-2021
  • Modified Date:28-Mar-2024
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center