Building a Custom Read-only Global Role with the Rancher Kubernetes API
In 2.8, Rancher added a new field to the GlobalRoles resource (inheritedClusterRoles), which allows users to grant permissions on all downstream clusters. With the addition of this field, it is now possible to create a custom global role that grants user-configurable permissions on all current and future downstream clusters. This post will outline how to create this role using the new Rancher Kubernetes API, which is currently the best-supported method to use this new feature.