Open kkaempf opened 5 months ago
Can we please add details to the issue description so someone interested in picking it up has an overall view and scope of the problem?
@richardcase iirc that was a draft issue from you which I converted to a Turtles one 😉
@kkaempf @furkatgofurov7 - I've updated the description. We can also jump on a quick call to discuss.
After raising this in the Rancher RBAC channel, there is a new issue open to track progress on this https://github.com/rancher/rancher/issues/45591.
A new annotation field.cattle.io/noCreatorRBAC that, when applied to a cluster, skips the step where it creates the ClusterOwner/ProjectOwner roles and bindings.
This change will most likely be available in Rancher v2.10. Then, we will be able to use this feature by adding the annotation via Turtles.
When Turtles automatically imports a CAPI cluster into Rancher by generating the Rancher Cluster, it results in some repeated RBAC errors being generated.
If you import a Cluster via the RM UI, the webhook will add a "creator" and Rancher will use this to automatically allow the creator access via RBAC. With RT we don't add the creator id.
What's needed from this: