Rancher panel permissions configuration

Background

The Rancher panel has been used as the K8s web console in the intranet development and test environments.

Using the Rancher panel service has greatly improved the work efficiency of operations, maintenance, development, and testing personnel in container management.


Problem

However, because the early focus was only on implementing functions and on user experience, permission management was neglected. All Rancher panel accounts opened to users have cluster-owner permissions. As a result, on the last day, I suddenly received a notice from the R&D staff that all the workloads under the development environment namespace had disappeared. Investigation found that all nodes were operating normally at the time of the problem, the dev namespace no longer existed, and all resources under the other two namespaces, test1 and test2, were operating normally. Therefore, it is initially suspected that the namespace was deleted manually, and that all resources under the dev namespace (including secret, sa, configmap, pvc, deployment, svc, etc.) were deleted with it.

Solution

1. First restore the environment

2. Harden the permissions of the Rancher panel

* All current Rancher users are of the local user type, and local users are granted access at the cluster level


* Create a cluster-level user role named Developer


* Authorize the newly created role: the new role needs to inherit the permissions of the Cluster Member and View All Projects roles


* Authorize in the cluster
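
An added example, not from the original post: a small audit over Rancher role data that lists every cluster binding whose role resolves to cluster-owner, including through inheritance, and confirms that a Developer role inheriting only Cluster Member and View All Projects does not. The sample objects are constructed; the IDs `cluster-member`, `projects-view`, `developer` and `ops-lead` and the JSON field names are assumptions about how these objects look when exported.

```python
# Constructed sample data, shaped like an export of Rancher's
# RoleTemplate and ClusterRoleTemplateBinding objects as JSON.
# Field names (roleTemplateNames, roleTemplateName, userName, clusterName)
# and all IDs except cluster-owner are assumptions for this example.
ROLE_TEMPLATES = [
    {"metadata": {"name": "cluster-owner"}, "roleTemplateNames": []},
    {"metadata": {"name": "cluster-member"}, "roleTemplateNames": []},
    {"metadata": {"name": "projects-view"}, "roleTemplateNames": []},
    {"metadata": {"name": "developer"},
     "roleTemplateNames": ["cluster-member", "projects-view"]},
    # Hypothetical custom role that silently re-grants owner rights.
    {"metadata": {"name": "ops-lead"},
     "roleTemplateNames": ["developer", "cluster-owner"]},
]
BINDINGS = [
    {"clusterName": "c-dev01", "userName": "u-alice", "roleTemplateName": "cluster-owner"},
    {"clusterName": "c-dev01", "userName": "u-bob", "roleTemplateName": "developer"},
    {"clusterName": "c-dev01", "userName": "u-carol", "roleTemplateName": "ops-lead"},
]


def effective_roles(name, templates):
    """Return the role plus every role it inherits, directly or indirectly."""
    parents = {t["metadata"]["name"]: t.get("roleTemplateNames") or []
               for t in templates}
    seen, stack = set(), [name]
    while stack:
        role = stack.pop()
        if role in seen:
            continue  # already visited; also guards against inheritance cycles
        seen.add(role)
        stack.extend(parents.get(role, []))
    return seen


def owner_bindings(bindings, templates, owner="cluster-owner"):
    """List (cluster, subject, bound role) for bindings that resolve to owner."""
    findings = []
    for b in bindings:
        role = b.get("roleTemplateName", "")
        if owner in effective_roles(role, templates):
            subject = b.get("userName") or b.get("groupPrincipalName") or "<unknown>"
            findings.append((b.get("clusterName"), subject, role))
    return sorted(findings)


if __name__ == "__main__":
    for cluster, subject, role in owner_bindings(BINDINGS, ROLE_TEMPLATES):
        print(f"{cluster}: {subject} holds owner rights via {role}")
```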



Origin blog.51cto.com/ylw6006/2668143