{"id":31646,"date":"2024-04-17T10:12:09","date_gmt":"2024-04-17T08:12:09","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=31646"},"modified":"2024-04-17T10:12:12","modified_gmt":"2024-04-17T08:12:12","slug":"rancher-rke2-rancher-roles-for-cluster-autoscaler","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/","title":{"rendered":"Rancher RKE2: Rancher roles for cluster autoscaler"},"content":{"rendered":"\n<p>The cluster autoscaler brings horizontal scaling into your cluster by deploying it into the cluster to autoscale. This is described in the following blog article <a href=\"https:\/\/www.dbi-services.com\/blog\/rancher-autoscaler-enable-rke2-node-autoscaling\/\">https:\/\/www.dbi-services.com\/blog\/rancher-autoscaler-enable-rke2-node-autoscaling\/<\/a>. It didn&#8217;t emphasize much about the user and role configuration.<\/p>\n\n\n\n<p>With Rancher, the cluster autoscaler uses a user&#8217;s API key. We will see how to configure minimal permissions by creating Rancher roles for cluster autoscaler.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rancher-user\">Rancher user<\/h2>\n\n\n\n<p>First, let&#8217;s create the user that will communicate with Rancher, and whose token will be used. It will be given minimal access rights which is login access.<\/p>\n\n\n\n<p>Go to Rancher &gt; Users &amp; Authentication &gt; Users &gt; Create.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set a username, for example, autoscaler<\/li>\n\n\n\n<li>Set the password<\/li>\n\n\n\n<li>Give User-Base permissions<\/li>\n\n\n\n<li>Create<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"509\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png\" alt=\"\" class=\"wp-image-31653\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-300x149.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-768x382.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1536x763.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-2048x1018.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The user is now created, let&#8217;s set Rancher roles with minimal permission for the cluster autoscaler.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rancher-roles-authorization\">Rancher roles authorization<\/h2>\n\n\n\n<p>To make the cluster autoscaler work, the user whose API key is provided needs the following roles:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cluster role (for the cluster to autoscale)<br>Get\/Update for clusters.provisioning.cattle.io<br>Update of machines.cluster.x-k8s.io<\/li>\n\n\n\n<li>Project role (for the namespace that contains the cluster resource (fleet-default))<br>Get\/List of machines.cluster.x-k8s.io<\/li>\n<\/ul>\n\n\n\n<p>Go to Rancher &gt; Users &amp; Authentication &gt; Role Templates &gt; Cluster &gt; Create.<br>Create the cluster role. This role will be applied to every cluster that we want to autoscale.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"442\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1-1024x442.png\" alt=\"\" class=\"wp-image-31654\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1-1024x442.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1-300x130.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1-768x332.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1-1536x663.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1-2048x884.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Then in Rancher &gt; Users &amp; Authentication &gt; Role Templates &gt; Project\/Namespaces &gt; Create.<br>Create the project role, it will be applied to the project of our local cluster (Rancher) that contains the namespace fleet-default.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"386\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-2-1024x386.png\" alt=\"\" class=\"wp-image-31655\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-2-1024x386.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-2-300x113.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-2-768x289.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-2-1536x578.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-2-2048x771.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rancher-roles-assignment\">Rancher roles assignment<\/h2>\n\n\n\n<p>The user and Rancher roles are created, let&#8217;s assign them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-project-role\">Project role<\/h3>\n\n\n\n<p>First, we will set the project role, this is to be done once.<br>Go to the local cluster (Rancher), in Cluster &gt; Project\/Namespace.<br>Search for the fleet-default namespace, by default it is contained in the project System.<br>Edit the project System and add the user with the project permissions created precedently.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"999\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-3-1024x999.png\" alt=\"\" class=\"wp-image-31656\" style=\"width:637px;height:auto\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-3-1024x999.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-3-300x293.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-3-768x750.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-3.png 1168w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"304\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-4-1024x304.png\" alt=\"\" class=\"wp-image-31657\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-4-1024x304.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-4-300x89.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-4-768x228.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-4-1536x456.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-4-2048x608.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cluster-role\">Cluster role<\/h3>\n\n\n\n<p>For each cluster where you will deploy the cluster autoscaler, you need to assign the user as a member with the cluster role.<br>In Rancher &gt; Cluster Management, edit the cluster&#8217;s configuration and assign the user.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"923\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-6-1024x923.png\" alt=\"\" class=\"wp-image-31659\" style=\"width:621px;height:auto\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-6-1024x923.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-6-300x270.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-6-768x692.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-6.png 1178w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"610\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-7-1024x610.png\" alt=\"\" class=\"wp-image-31660\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-7-1024x610.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-7-300x179.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-7-768x457.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-7-1536x915.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-7-2048x1220.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The roles assignment is done, let&#8217;s proceed to generate the token that is provided to the cluster autoscaler configuration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rancher-api-keys\">Rancher API keys<\/h2>\n\n\n\n<p>Log in with the autoscaler user, and go to its profile &gt; Account &amp; API Keys.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"321\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-8-1024x321.png\" alt=\"\" class=\"wp-image-31661\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-8-1024x321.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-8-300x94.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-8-768x241.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-8-1536x481.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-8-2048x641.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Let&#8217;s create an API Key for the cluster autoscaler configuration. Note that in a recent update of Rancher, the API keys expired by default in 90 days. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"296\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-9-1024x296.png\" alt=\"\" class=\"wp-image-31662\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-9-1024x296.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-9-300x87.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-9-768x222.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-9-1536x444.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-9-2048x591.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>If you see this limitation, you can do the following steps to have no expiration.<br>With the admin account, in Global settings &gt; Settings, search for the setting <strong>auth-token-max-ttl-minutes<\/strong> and set it to 0.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"153\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-10-1024x153.png\" alt=\"\" class=\"wp-image-31663\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-10-1024x153.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-10-300x45.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-10-768x114.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-10-1536x229.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-10-2048x305.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Go back with the autoscaler user and create the API Key, name it for example, autoscaler, and select &#8220;no scope&#8221;.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"346\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-11-1024x346.png\" alt=\"\" class=\"wp-image-31664\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-11-1024x346.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-11-300x102.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-11-768x260.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-11-1536x520.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-11-2048x693.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"338\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-12-1024x338.png\" alt=\"\" class=\"wp-image-31665\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-12-1024x338.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-12-300x99.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-12-768x254.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-12-1536x507.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-12-2048x676.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>You can copy the Bearer Token, and use it for the cluster autoscaler configuration.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"306\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-14-1024x306.png\" alt=\"\" class=\"wp-image-31667\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-14-1024x306.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-14-300x90.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-14-768x229.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-14-1536x458.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-14-2048x611.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>As seen above, the token never expires.<br>Let&#8217;s reset the parameter <strong>auth-token-max-ttl-minutes<\/strong> and use the default value button or the precedent value set.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"216\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-13-1024x216.png\" alt=\"\" class=\"wp-image-31666\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-13-1024x216.png 1024w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-13-300x63.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-13-768x162.png 768w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-13-1536x324.png 1536w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-13-2048x432.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>We are now done with the roles configuration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p>This blog article covers only a part of the setup for the cluster autoscaler for RKE2 provisioning. It explained the configuration of a Rancher user and Rancher&#8217;s roles with minimal permissions to enable the cluster autoscaler. It was made to complete this blog article <a href=\"https:\/\/www.dbi-services.com\/blog\/rancher-autoscaler-enable-rke2-node-autoscaling\/\">https:\/\/www.dbi-services.com\/blog\/rancher-autoscaler-enable-rke2-node-autoscaling\/<\/a> which covers the whole setup and deployment of the cluster autoscaler. Therefore if you are still wondering how to deploy and make the cluster autoscaler work, check the other blog.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-links\">Links<\/h2>\n\n\n\n<p>Rancher official documentation: <a href=\"https:\/\/ranchermanager.docs.rancher.com\/\">Rancher<\/a><br>RKE2 official documentation: <a href=\"https:\/\/docs.rke2.io\/\">RKE2<\/a><br>GitHub cluster autoscaler: <a href=\"https:\/\/github.com\/kubernetes\/autoscaler\/tree\/master\/cluster-autoscaler\">https:\/\/github.com\/kubernetes\/autoscaler\/tree\/master\/cluster-autoscaler<\/a><\/p>\n\n\n\n<p>Blog &#8211; Rancher autoscaler &#8211; Enable RKE2 node autoscaling<br><a href=\"https:\/\/www.dbi-services.com\/blog\/rancher-autoscaler-enable-rke2-node-autoscaling\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.dbi-services.com\/blog\/rancher-autoscaler-enable-rke2-node-autoscaling<\/a><br>Blog &#8211; Reestablish administrator role access to Rancher users<br><a href=\"https:\/\/www.dbi-services.com\/blog\/reestablish-administrator-role-access-to-rancher-users\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.dbi-services.com\/blog\/reestablish-administrator-role-access-to-rancher-users\/<\/a><br>Blog &#8211; Introduction and RKE2 cluster template for AWS EC2<br><a href=\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-cluster-templates-for-aws-ec2\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.dbi-services.com\/blog\/rancher-rke2-cluster-templates-for-aws-ec2<\/a><br>Blog &#8211; Rancher RKE2 templates &#8211; Assign members to clusters<br><a href=\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-templates-assign-members-to-clusters\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.dbi-services.com\/blog\/rancher-rke2-templates-assign-members-to-clusters<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cluster autoscaler brings horizontal scaling into your cluster by deploying it into the cluster to autoscale. This is described in the following blog article https:\/\/www.dbi-services.com\/blog\/rancher-autoscaler-enable-rke2-node-autoscaling\/. It didn&#8217;t emphasize much about the user and role configuration. With Rancher, the cluster autoscaler uses a user&#8217;s API key. We will see how to configure minimal permissions by [&hellip;]<\/p>\n","protected":false},"author":132,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1320,1522],"tags":[2667,2634,2276,309],"type_dbi":[3017,2943,3243,3244],"class_list":["post-31646","post","type-post","status-publish","format-standard","hentry","category-devops","category-kubernetes","tag-devops-2","tag-kubernetes-2","tag-rancher","tag-suse","type-devops","type-kubernetes","type-rancher","type-suse"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Rancher RKE2: Rancher roles for cluster autoscaler - dbi Blog<\/title>\n<meta name=\"description\" content=\"The cluster autoscaler uses a user&#039;s API key. Let&#039;s configure minimal permissions by creating Rancher roles for cluster autoscaler.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rancher RKE2: Rancher roles for cluster autoscaler\" \/>\n<meta property=\"og:description\" content=\"The cluster autoscaler uses a user&#039;s API key. Let&#039;s configure minimal permissions by creating Rancher roles for cluster autoscaler.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-17T08:12:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-17T08:12:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png\" \/>\n<meta name=\"author\" content=\"K\u00e9vin Keovilay\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"K\u00e9vin Keovilay\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/\"},\"author\":{\"name\":\"K\u00e9vin Keovilay\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/3fb75c1e02be0c3b331471c8313cd9f7\"},\"headline\":\"Rancher RKE2: Rancher roles for cluster autoscaler\",\"datePublished\":\"2024-04-17T08:12:09+00:00\",\"dateModified\":\"2024-04-17T08:12:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/\"},\"wordCount\":713,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png\",\"keywords\":[\"devops\",\"kubernetes\",\"Rancher\",\"SuSE\"],\"articleSection\":[\"DevOps\",\"Kubernetes\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/\",\"name\":\"Rancher RKE2: Rancher roles for cluster autoscaler - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png\",\"datePublished\":\"2024-04-17T08:12:09+00:00\",\"dateModified\":\"2024-04-17T08:12:12+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/3fb75c1e02be0c3b331471c8313cd9f7\"},\"description\":\"The cluster autoscaler uses a user's API key. Let's configure minimal permissions by creating Rancher roles for cluster autoscaler.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image.png\",\"width\":3304,\"height\":1642},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rancher RKE2: Rancher roles for cluster autoscaler\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/3fb75c1e02be0c3b331471c8313cd9f7\",\"name\":\"K\u00e9vin Keovilay\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/aea984148a511f3db5117060e702df298f486588cee7781bb56a7bd92ac44a50?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/aea984148a511f3db5117060e702df298f486588cee7781bb56a7bd92ac44a50?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/aea984148a511f3db5117060e702df298f486588cee7781bb56a7bd92ac44a50?s=96&d=mm&r=g\",\"caption\":\"K\u00e9vin Keovilay\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/kevinkeovilay\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Rancher RKE2: Rancher roles for cluster autoscaler - dbi Blog","description":"The cluster autoscaler uses a user's API key. Let's configure minimal permissions by creating Rancher roles for cluster autoscaler.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/","og_locale":"en_US","og_type":"article","og_title":"Rancher RKE2: Rancher roles for cluster autoscaler","og_description":"The cluster autoscaler uses a user's API key. Let's configure minimal permissions by creating Rancher roles for cluster autoscaler.","og_url":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/","og_site_name":"dbi Blog","article_published_time":"2024-04-17T08:12:09+00:00","article_modified_time":"2024-04-17T08:12:12+00:00","og_image":[{"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png","type":"","width":"","height":""}],"author":"K\u00e9vin Keovilay","twitter_card":"summary_large_image","twitter_misc":{"Written by":"K\u00e9vin Keovilay","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/"},"author":{"name":"K\u00e9vin Keovilay","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/3fb75c1e02be0c3b331471c8313cd9f7"},"headline":"Rancher RKE2: Rancher roles for cluster autoscaler","datePublished":"2024-04-17T08:12:09+00:00","dateModified":"2024-04-17T08:12:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/"},"wordCount":713,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png","keywords":["devops","kubernetes","Rancher","SuSE"],"articleSection":["DevOps","Kubernetes"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/","url":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/","name":"Rancher RKE2: Rancher roles for cluster autoscaler - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-1024x509.png","datePublished":"2024-04-17T08:12:09+00:00","dateModified":"2024-04-17T08:12:12+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/3fb75c1e02be0c3b331471c8313cd9f7"},"description":"The cluster autoscaler uses a user's API key. Let's configure minimal permissions by creating Rancher roles for cluster autoscaler.","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image.png","width":3304,"height":1642},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/rancher-rke2-rancher-roles-for-cluster-autoscaler\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Rancher RKE2: Rancher roles for cluster autoscaler"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/3fb75c1e02be0c3b331471c8313cd9f7","name":"K\u00e9vin Keovilay","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aea984148a511f3db5117060e702df298f486588cee7781bb56a7bd92ac44a50?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aea984148a511f3db5117060e702df298f486588cee7781bb56a7bd92ac44a50?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aea984148a511f3db5117060e702df298f486588cee7781bb56a7bd92ac44a50?s=96&d=mm&r=g","caption":"K\u00e9vin Keovilay"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/kevinkeovilay\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/31646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/132"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=31646"}],"version-history":[{"count":10,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/31646\/revisions"}],"predecessor-version":[{"id":31928,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/31646\/revisions\/31928"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=31646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=31646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=31646"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=31646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}