public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-05-16 01:53:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move prerequisites for launching catalog apps

Browse Source
This commit is contained in:
Catherine Luse
2020-04-01 23:48:12 -07:00
parent b67e005050
commit 84f5552963
2 changed files with 2 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/rancher/v2.x/en/catalog/_index.md
-10
View File
@@ -17,7 +17,6 @@ Rancher improves on Helm catalogs and charts. All native Helm charts can work wi
This section covers the following topics:
- [Prerequisites](#prerequisites)
- [Catalog scopes](#catalog-scopes)
- [Catalog Helm Deployment Versions](#catalog-helm-deployment-versions)
- [Built-in global catalogs](#built-in-global-catalogs)
@@ -26,15 +25,6 @@ This section covers the following topics:
- [Chart compatibility with Rancher](#chart-compatibility-with-rancher)
- [Global DNS](#global-dns)
# Prerequisites
When Rancher deploys a catalog app, it launches an ephemeral instance of a Helm service account that has the permissions of the user deploying the catalog app. Therefore, a user cannot gain more access to the cluster through Helm or a catalog application than they otherwise would have.
To launch a catalog app or a multi-cluster app, you should have at least one of the following permissions:
- A [project-member role]({{<baseurl>}}/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/#project-roles) in the target cluster, which gives you the ability to create, read, update, and delete the workloads
- A [cluster owner role]({{<baseurl>}}/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/#cluster-roles) for the cluster that include the target project
# Catalog Scopes
Within Rancher, you can manage catalogs at three different scopes. Global catalogs are shared across all clusters and project. There are some use cases where you might not want to share catalogs between different clusters or even projects in the same cluster. By leveraging cluster and project scoped catalogs, you will be able to provide applications for specific teams without needing to share them with all clusters and/or projects.
content/rancher/v2.x/en/catalog/launching-apps/_index.md
+2
View File
@@ -15,6 +15,8 @@ If your application is using ingresses, you can program the ingress hostname to
# Prerequisites
When Rancher deploys a catalog app, it launches an ephemeral instance of a Helm service account that has the permissions of the user deploying the catalog app. Therefore, a user cannot gain more access to the cluster through Helm or a catalog application than they otherwise would have.
To launch an app from a catalog in Rancher, you must have at least one of the following permissions:
- A [project-member role]({{<baseurl>}}/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/#project-roles) in the target cluster, which gives you the ability to create, read, update, and delete the workloads