rancher
/
fleet-docs
mirror of https://github.com/rancher/fleet-docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fleet-docs/0.10/multi-user.html

25 lines
46 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-0.10 plugin-docs plugin-id-default docs-doc-id-multi-user" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v2.4.3">
<title data-rh="true">Setup Multi User | Fleet</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://fleet.rancher.io/0.10/multi-user"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="0.10"><meta data-rh="true" name="docusaurus_tag" content="docs-default-0.10"><meta data-rh="true" name="docsearch:version" content="0.10"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-0.10"><meta data-rh="true" property="og:title" content="Setup Multi User | Fleet"><meta data-rh="true" name="description" content="Fleet uses Kubernetes RBAC where possible."><meta data-rh="true" property="og:description" content="Fleet uses Kubernetes RBAC where possible."><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://fleet.rancher.io/0.10/multi-user"><link data-rh="true" rel="alternate" href="https://fleet.rancher.io/0.10/multi-user" hreflang="en"><link data-rh="true" rel="alternate" href="https://fleet.rancher.io/0.10/multi-user" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://5YEVIM7OXD-dsn.algolia.net" crossorigin="anonymous"><link rel="search" type="application/opensearchdescription+xml" title="Fleet" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.ff6ab72e.css">
<link rel="preload" href="/assets/js/runtime~main.b74b6382.js" as="script">
<link rel="preload" href="/assets/js/main.88b5c325.js" as="script">
</head>
<body class="navigation-with-keyboard">
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus">
<div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/logo.svg" alt="logo" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/logo.svg" alt="logo" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate">Fleet</b></a></div><div class="navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a class="navbar__link" aria-haspopup="true" aria-expanded="false" role="button" href="/0.10">0.10</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/multi-user">Next 🚧</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/0.10/multi-user">0.10</a></li><li><a class="dropdown__link" href="/0.9/multi-user">0.9</a></li><li><a class="dropdown__link" href="/0.8/multi-user">0.8</a></li><li><a class="dropdown__link" href="/0.7/multi-user">0.7</a></li><li><a class="dropdown__link" href="/0.6/multi-user">0.6</a></li><li><a class="dropdown__link" href="/0.5">0.5</a></li><li><a class="dropdown__link" href="/0.4">0.4</a></li></ul></div><a aria-current="page" class="navbar__item navbar__link navbar__docs navbar__link--active" href="/0.10">Docs</a><a href="https://github.com/rancher/fleet" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link navbar__github btn btn-secondary icon-github">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><a href="https://rancher-users.slack.com/channels/fleet" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-slack-link" aria-label="Slack Channel"></a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">More from SUSE</a><ul class="dropdown__menu"><li><a href="https://www.rancher.com" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__rancher">Rancher<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><hr style="margin: 0.3rem 0;"></li><li><a href="https://elemental.docs.rancher.com/" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__elemental">Elemental<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://harvesterhci.io" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__harvester">Harvester<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://rancherdesktop.io" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__rd">Rancher Desktop<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><hr style="margin: 0.3rem 0;"></li><li><a href="https://opensource.suse.com" target="_blank" rel="noopener noreferrer" class="dropdown__link navbar__icon navbar__suse">More Projects...<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="searchBox_ZlJk"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/0.10">Overview</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.10/quickstart">Tutorials</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/quickstart">Quick Start</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/tut-deployment">Creating a Deployment</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/uninstall">Uninstall</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.10/architecture">Explanations</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/architecture">Architecture</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/concepts">Core Concepts</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-bundle-stages">Bundle Lifecycle</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/gitrepo-content">Git Repository Contents</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/namespaces">Namespaces</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/resources-during-deployment">Custom Resources During Deployment</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" href="/0.10/installation">How-tos for Operators</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/installation">Installation Details</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/cluster-registration">Register Downstream Clusters</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/cluster-group">Create Cluster Groups</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/0.10/multi-user">Setup Multi User</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.10/gitrepo-add">How-tos for Users</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/gitrepo-add">Create a GitRepo Resource</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/gitrepo-targets">Mapping to Downstream Clusters</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/bundle-diffs">Generating Diffs to Ignore Modified GitRepos</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/webhook">Using Webhooks Instead of Polling</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/imagescan">Using Image Scan to Update Container Image References</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/bundle-add">Create a Bundle Resource</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="true" href="/0.10/cli/fleet-agent">Reference</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" tabindex="0" href="/0.10/cli/fleet-agent">CLI</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/cluster-bundles-state">Cluster and Bundle State</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/resource-counts-and-resources-list">Resources List</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-registration">Cluster Registration Internals</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-configuration">Configuration</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-resources">List of Deployed Resources</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-crds">Custom Resources Spec</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-fleet-yaml">fleet.yaml</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-gitrepo">GitRepo Resource</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/0.10/ref-bundle">Bundle Resource</a></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/0.10/troubleshooting">Troubleshooting</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/0.10/changelogs/changelogs/v0.10.0">Changelog</a></div></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="theme-doc-version-banner alert alert--warning margin-bottom--md" role="alert"><div>This is documentation for <!-- -->Fleet<!-- --> <b>0.10</b>, which is no longer actively maintained.</div><div class="margin-top--md">For up-to-date documentation, see the <b><a href="/multi-user">latest version</a></b> (<!-- -->Next 🚧<!-- -->).</div></div><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">How-tos for Operators</span><meta itemprop="position" content="1"></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">Setup Multi User</span><meta itemprop="position" content="2"></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: 0.10</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>Setup Multi User</h1><p>Fleet uses Kubernetes RBAC where possible.</p><p>One addition on top of RBAC is the <a href="/0.10/namespaces#restricting-gitrepos"><code>GitRepoRestriction</code></a> resource, which can be used to control GitRepo resources in a namespace.</p><p>A multi-user fleet setup looks like this:</p><ul><li>tenants don&#x27;t share namespaces, each tenant has one or more namespaces on the
upstream cluster, where they can create GitRepo resources</li><li>tenants can&#x27;t deploy cluster wide resources and are limited to a set of
namespaces on downstream clusters</li><li>clusters are in a separate namespace</li></ul><p><img loading="lazy" alt="Shared Clusters" src="/assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg" width="2488" height="1769" class="img_ev3q"></p><div class="theme-admonition theme-admonition-warning alert alert--danger admonition_LlT9"><div class="admonitionHeading_tbUL"><span class="admonitionIcon_kALy"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M5.05.31c.81 2.17.41 3.38-.52 4.31C3.55 5.67 1.98 6.45.9 7.98c-1.45 2.05-1.7 6.53 3.53 7.7-2.2-1.16-2.67-4.52-.3-6.61-.61 2.03.53 3.33 1.94 2.86 1.39-.47 2.3.53 2.27 1.67-.02.78-.31 1.44-1.13 1.81 3.42-.59 4.78-3.42 4.78-5.56 0-2.84-2.53-3.22-1.25-5.61-1.52.13-2.03 1.13-1.89 2.75.09 1.08-1.02 1.8-1.86 1.33-.67-.41-.66-1.19-.06-1.78C8.18 5.31 8.68 2.45 5.05.32L5.03.3l.02.01z"></path></svg></span>important information</div><div class="admonitionContent_S0QG"><p>The isolation of tenants is not complete and relies on Kubernetes RBAC to be
set up correctly. Without manual setup from an operator tenants can still
deploy cluster wide resources. Even with the available Fleet restrictions,
users are only restricted to namespaces, but namespaces don&#x27;t provide much
isolation on their own. E.g. they can still consume as many resources as they
like.</p><p>However, the existing Fleet restrictions allow users to share clusters, and
deploy resources without conflicts.</p></div></div><h2 class="anchor anchorWithStickyNavbar_LWe7" id="example-fleet-standalone">Example Fleet Standalone<a href="#example-fleet-standalone" class="hash-link" aria-label="Direct link to Example Fleet Standalone" title="Direct link to Example Fleet Standalone"></a></h2><p>This would create a user &#x27;fleetuser&#x27;, who can only manage GitRepo resources in the &#x27;project1&#x27; namespace.</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">kubectl create serviceaccount fleetuser</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kubectl create namespace project1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>This makes sure, tenants can&#x27;t interfere with GitRepo resources from other tenants, since they don&#x27;t have access to their namespaces.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="example-fleet-in-rancher">Example Fleet in Rancher<a href="#example-fleet-in-rancher" class="hash-link" aria-label="Direct link to Example Fleet in Rancher" title="Direct link to Example Fleet in Rancher"></a></h2><p>When a new fleet workspace is created, a corresponding namespace with an identical name is automatically generated within the Rancher local cluster.
For a user to see and deploy fleet resources in a specific workspace, they need at least the following permissions:</p><ul><li>list/get the <code>fleetworkspace</code> cluster-wide resource in the local cluster</li><li>Permissions to create fleet resources (such as <code>bundles</code>, <code>gitrepos</code>, ...) in the backing namespace for the workspace in the local cluster. </li></ul><p>Let&#x27;s grant permissions to deploy fleet resources in the <code>project1</code> and <code>project2</code> fleet workspaces:</p><ul><li>To create the <code>project1</code> and <code>project2</code> fleet workspaces, you can either do it in the <a href="https://ranchermanager.docs.rancher.com/integrations-in-rancher/fleet/overview#accessing-fleet-in-the-rancher-ui" target="_blank" rel="noopener noreferrer">Rancher UI</a> or use the following YAML resources:</li></ul><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">apiVersion: management.cattle.io/v3</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kind: FleetWorkspace</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> name: project1</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">apiVersion: management.cattle.io/v3</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kind: FleetWorkspace</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> name: project2</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><ul><li>Create a <code>GlobalRole</code> that grants permission to deploy fleet resources in the <code>project1</code> and <code>project2</code> fleet workspaces:</li></ul><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">apiVersion: management.cattle.io/v3</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">kind: GlobalRole</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> name: fleet-projects1and2</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">namespacedRules:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> project1:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - apiGroups:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - fleet.cattle.io</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> resources:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - gitrepos</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - bundles</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - clusterregistrationtokens</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - gitreporestrictions</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - clusters</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - clustergroups</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> verbs:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - &#x27;*&#x27;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> project2:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - apiGroups:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - fleet.cattle.io</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> resources:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - gitrepos</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - bundles</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - clusterregistrationtokens</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - gitreporestrictions</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - clusters</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - clustergroups</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> verbs:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - &#x27;*&#x27;</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">rules:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - apiGroups:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - management.cattle.io</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> resourceNames:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - project1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - project2</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> resources:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - fleetworkspaces</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> verbs:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - &#x27;*&#x27;</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>Assign the <code>GlobalRole</code> to users or groups, more info can be found in the <a href="https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions#configuring-global-permissions-for-individual-users" target="_blank" rel="noopener noreferrer">Rancher docs</a></p><p>The user now has access to the <code>Continuous Delivery</code> tab in Rancher and can deploy resources to both the <code>project1</code> and <code>project2</code> workspaces.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="allow-access-to-clusters">Allow Access to Clusters<a href="#allow-access-to-clusters" class="hash-link" aria-label="Direct link to Allow Access to Clusters" title="Direct link to Allow Access to Clusters"></a></h2><p>This assumes all GitRepos created by &#x27;fleetuser&#x27; have the <code>team: one</code> label. Different labels could be used, to select different cluster namespaces.</p><p>In each of the user&#x27;s namespaces, as an admin create a <a href="/0.10/namespaces#cross-namespace-deployments"><code>BundleNamespaceMapping</code></a>.</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">kind: BundleNamespaceMapping</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">apiVersion: fleet.cattle.io/v1alpha1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> name: mapping</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> namespace: project1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"># Bundles to match by label.</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"># The labels are defined in the fleet.yaml # labels field or from the</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"># GitRepo metadata.labels field</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">bundleSelector:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> matchLabels:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> team: one</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> # or target one repo</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> #fleet.cattle.io/repo-name: simpleapp</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"># Namespaces, containing clusters, to match by label</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">namespaceSelector:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> matchLabels:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> kubernetes.io/metadata.name: fleet-default</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> # the label is on the namespace</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> #workspace: prod</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>The <a href="/0.10/gitrepo-targets"><code>target</code> section</a> in the GitRepo resource can be used to deploy only to a subset of the matched clusters.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="restricting-access-to-downstream-clusters">Restricting Access to Downstream Clusters<a href="#restricting-access-to-downstream-clusters" class="hash-link" aria-label="Direct link to Restricting Access to Downstream Clusters" title="Direct link to Restricting Access to Downstream Clusters"></a></h2><p>Admins can further restrict tenants by creating a <code>GitRepoRestriction</code> in each of their namespaces.</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">kind: GitRepoRestriction</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">apiVersion: fleet.cattle.io/v1alpha1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> name: restriction</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> namespace: project1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">allowedTargetNamespaces:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - project1simpleapp</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the &#x27;project1simpleapp&#x27; namespace.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="an-example-gitrepo-resource">An Example GitRepo Resource<a href="#an-example-gitrepo-resource" class="hash-link" aria-label="Direct link to An Example GitRepo Resource" title="Direct link to An Example GitRepo Resource"></a></h2><p>A GitRepo resource created by a tenant, without admin access could look like this:</p><div class="codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><div class="codeBlockContent_biex"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#bfc7d5"><span class="token plain">kind: GitRepo</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">apiVersion: fleet.cattle.io/v1alpha1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> name: simpleapp</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> namespace: project1</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> labels:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> team: one</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain">spec:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> repo: https://github.com/rancher/fleet-examples</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> paths:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - bundle-diffs</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> targetNamespace: project1simpleapp</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> # do not match the upstream/local cluster, won&#x27;t work</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> targets:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> - name: dev</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> clusterSelector:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> matchLabels:</span><br></span><span class="token-line" style="color:#bfc7d5"><span class="token plain"> env: dev</span><br></span></code></pre><div class="buttonGroup__atx"><button type="button" aria-label="Copy code to clipboard" title="Copy" class="clean-btn"><span class="copyButtonIcons_eSgA" aria-hidden="true"><svg viewBox="0 0 24 24" class="copyButtonIcon_y97N"><path fill="currentColor" d="M19,21H8V7H19M19,5H8A2,2 0 0,0 6,7V21A2,2 0 0,0 8,23H19A2,2 0 0,0 21,21V7A2,2 0 0,0 19,5M16,1H4A2,2 0 0,0 2,3V17H4V3H16V1Z"></path></svg><svg viewBox="0 0 24 24" class="copyButtonSuccessIcon_LjdS"><path fill="currentColor" d="M21,7L9,19L3.5,13.5L4.91,12.09L9,16.17L19.59,5.59L21,7Z"></path></svg></span></button></div></div></div><p>This includes the <code>team: one</code> label and and the required <code>targetNamespace</code>.</p><p>Together with the previous <code>BundleNamespaceMapping</code> it would target all clusters with a <code>env: dev</code> label in the &#x27;fleet-default&#x27; namespace.</p><div class="theme-admonition theme-admonition-note alert alert--secondary admonition_LlT9"><div class="admonitionHeading_tbUL"><span class="admonitionIcon_kALy"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_S0QG"><p><code>BundleNamespaceMappings</code> do not work with local clusters, so make sure not to target them.</p></div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.10/multi-user.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"><span class="theme-last-updated">Last updated<!-- --> on <b><time datetime="2024-10-18T11:42:02.000Z">Oct 18, 2024</time></b></span></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/0.10/cluster-group"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Create Cluster Groups</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/0.10/gitrepo-add"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Create a GitRepo Resource</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#example-fleet-standalone" class="table-of-contents__link toc-highlight">Example Fleet Standalone</a></li><li><a href="#example-fleet-in-rancher" class="table-of-contents__link toc-highlight">Example Fleet in Rancher</a></li><li><a href="#allow-access-to-clusters" class="table-of-contents__link toc-highlight">Allow Access to Clusters</a></li><li><a href="#restricting-access-to-downstream-clusters" class="table-of-contents__link toc-highlight">Restricting Access to Downstream Clusters</a></li><li><a href="#an-example-gitrepo-resource" class="table-of-contents__link toc-highlight">An Example GitRepo Resource</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2024 SUSE Rancher. All Rights Reserved.</div></div></div></footer></div>
<script src="/assets/js/runtime~main.b74b6382.js"></script>
<script src="/assets/js/main.88b5c325.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink