Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to get Rancher UI Multi-User Working #2401

Open
1 task done
bmorris53 opened this issue May 2, 2024 · 1 comment
Open
1 task done

Unable to get Rancher UI Multi-User Working #2401

bmorris53 opened this issue May 2, 2024 · 1 comment
Labels
kind/bug

Comments

@bmorris53
Copy link

bmorris53 commented May 2, 2024
edited

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Currently I am unable to implement fleet multi-user. Following the steps in the ver: next fleet documentation here: https://fleet.rancher.io/multi-user. After following said steps, targeted user is still unable to see or navigate to the Continuous Delivery / Fleet UI page in Rancher UI.

Expected Behavior

Targeted user, after following multi-user steps, should be able to access Continuous Delivery and create GitRepos in their designated Workspace.

Steps To Reproduce

  1. Create User: Global Permissions User-Base, no other roles assigned.
  2. As admin, create new Workspace in Fleet UI, I also configured allowedTargetNamespaces
  3. In Rancher UI, switch to local cluster
  4. Click on Import YAML
  5. Paste in contents of GlobalRole:
  6. Import YAML Again
  7. Paste in contents of BundleNamespaceMapping
  8. navigate back to user, apply the custom Global Role
  9. Log back into Rancher UI with user.

Environment

- Architecture: amd64
- Fleet Version: v0.9.0 and v0.9.2
- Cluster:
  - Provider: K3s
  - Options: 3 node HA with embedded etcd, selinux true, all standard k3s features enabled
  - Kubernetes Version: k3s version v1.27.11+k3s1 (06d6bc80) go version go1.21.7
  - Rancher Version: 2.8.2

Logs

No response

Anything else?

GlobaRole:

apiVersion: management.cattle.io/v3
kind: GlobalRole
metadata:
  name: fleet-team1
namespacedRules:
  fleet-team1:
    - apiGroups:
        - fleet.cattle.io
      resources:
        - gitrepos
        - bundles
        - clusterregistrationtokens
        - gitreporestrictions
        - clusters
        - clustergroups
      verbs:
        - '*'
rules:
  - apiGroups:
      - management.cattle.io
    resourceNames:
      - fleet-team1
    resources:
      - fleetworkspaces
    verbs:
      - '*'

BundleNamespaceMapping

kind: BundleNamespaceMapping
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: mapping
  namespace: fleet-team1
bundleSelector:
  matchLabels:
    team: team1
namespaceSelector:
  matchLabels:
    kubernetes.io/metadata.name: fleet-default
@manno
Copy link
Member

manno commented May 29, 2024

Does it work without the bundle namespace mapping?

We might need to add more information to https://fleet.rancher.io/multi-user#example-fleet-in-rancher

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
Fleet
Status: 🆕 New
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manno @bmorris53