Illumina Innovates with Rancher and Kubernetes
This section describes how template administrators can enforce templates in Rancher, restricting the ability of users to create clusters without a template.
By default, any standard user in Rancher can create clusters. But when RKE template enforcement is turned on,
Users can only create new templates if the administrator gives them permission.
After a cluster is created with an RKE template, the cluster creator cannot edit settings that are defined in the template. The only way to change those settings after the cluster is created is to upgrade the cluster to a new revision of the same template. If cluster creators want to change template-defined settings, they would need to contact the template owner to get a new revision of the template. For details on how template revisions work, refer to the documentation on revising templates.
You might want to require new clusters to use a template to ensure that any cluster launched by a standard user will use the Kubernetes and/or Rancher settings that are vetted by administrators.
To require new clusters to use an RKE template, administrators can turn on RKE template enforcement with the following steps:
rke-template-enforcement
Result: All clusters provisioned by Rancher must use a template, unless the creator is an administrator.
To allow new clusters to be created without an RKE template, administrators can turn off RKE template enforcement with the following steps:
Result: When clusters are provisioned by Rancher, they don’t need to use a template.