Avoid restoring system cluster resources
rverchere opened this issue · 4 comments
Rancher Server Setup
- Rancher version: 2.6.10
- Installation option (Docker install/Helm Chart): Helm
- Kubernetes Version and Engine: 1.23.14, managed
Describe the bug
When restoring a rancher to a cluster which has not the same underlying components (i.e. from rke1 to managed one - gcp, aws, whatever), the restoring tool restores a LOT of resources, including ClusterRoles system:*
which should not be modified.
This leads to some unexpected behaviour on my side : metric-server does not work anymore, default SA cannot resolve DNS, ...
To Reproduce
Steps to reproduce the behavior:
- Restore a cluster
- Check
system:*
ClusterRoles, they are modified
Expected behavior
- Restore a cluster
- Check
system:*
ClusterRoles, they should not be modified
Workaround
- Get system: ressources from another "clean" cluster, and apply them
Totally agree with @rverchere ! Modifying cluster system roles is usually not a good idea.
Or at least should be an option IMHO
I will have to check whether or not this use case is supported. For now I am marking it as a feature request.