How to Add Multiple Users to Rancher Projects as Owners or Members Simultaneously
This document (000021630) is provided subject to the disclaimer at the end of this document.
Environment
A Kubernetes cluster provisioned by the RKE2 CLI or Rancher v2.x
Situation
To grant a user access to a project in Rancher, you typically navigate to Cluster > Cluster and Project Members > Project Membership, select the project, and assign a role. However, the UI allows adding only one user at a time, which can be inefficient for bulk additions. To streamline this process, you can use kubectl and project role bindings to add multiple users at once
Resolution
By using kubectl, you can batch-create project members/owner efficiently. This process requires retrieving three key pieces of information:
- User IDs
- Cluster and Project IDs
- Project Role Binding Configuration
Follow these steps:
Step 1: Retrieve User IDs
Run the following command to list all user IDs and their associated usernames:
$ kubectl get users.management.cattle.io -o json | jq -r '.items[] | [.metadata.name, .username] | @tsv' | column -t -s $'\t' -N "USER_ID,USERNAME"
Sample Output:
USER_ID USERNAME
u-9cwlc alice
u-8cqxc bob
Step 2: Retrieve Cluster Names and IDs
To get the cluster names and their corresponding IDs, execute:
$ kubectl get clusters.management.cattle.io -o custom-columns="ID:.metadata.name,NAME:.spec.displayName" --sort-by=.metadata.creationTimestamp
Sample Output:
ID NAME
c-m-269t6qvf Production-Cluster
c-m-jk4s8dlt Staging-Cluster
Step 3: Retrieve Project Names and IDs
To retrieve project names, IDs, and their associated clusters, use:$ kubectl get clusters.management.cattle.io -o json | jq -r '.items[] | {clusterId: .metadata.name, clusterName: .spec.displayName}' > clusters.json && echo -e "ClusterName\tProjectID\tProjectName" && kubectl get projects.management.cattle.io -A -o json | jq -r --slurpfile clusters clusters.json '.items[] | {projectId: .metadata.name, projectName: .spec.displayName, clusterId: .metadata.namespace} as $project | $clusters[] | select(.clusterId == $project.clusterId) | "\(.clusterName)\t\($project.projectId)\t\($project.projectName)"' | column -t -s $'\t' -o " "
Sample Output:
ClusterName ProjectID ProjectNameProduction-Cluster p-7twvb DefaultStaging-Cluster p-8ytwn Development
Step 4: Create a YAML File for Multiple Users
Using the gathered data, create a ProjectRoleTemplateBinding YAML file. Replace the placeholders with actual values for each user and project.
apiVersion: management.cattle.io/v3
kind: ProjectRoleTemplateBinding
metadata:
name: alice-binding
namespace: p-7twvb # Project ID
roleTemplateName: project-member
userName: u-9cwlc # User ID
projectName: c-m-269t6qvf:p-7twvb # Cluster ID:Project ID
---
apiVersion: management.cattle.io/v3
kind: ProjectRoleTemplateBinding
metadata:
name: bob-binding
namespace: p-7twvb # Project ID
roleTemplateName: project-member
userName: u-8cqxc # User ID
projectName: c-m-269t6qvf:p-7twvb # Cluster ID:Project ID
Step 5: Apply the YAML File
Apply the YAML file to add all users to the project at once:kubectl apply -f project-role-bindings.yaml
Notes:
- All commands must be executed on the local cluster.
- This method is particularly useful for bulk operations but requires basic familiarity with
kubectland YAML.
Status
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021630
- Creation Date: 26-Nov-2024
- Modified Date:05-Dec-2024
-
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
