Feasibility of Turtles with Hosted Rancher

[mbologna]

Can Turtles be used with Hosted Rancher? Hosted Rancher users have less privileges than the users in Rancher.

We can test it at https://support.rancher.cloud/dashboard/auth/login and provide the answer to Camryn.

[Danil-Grigorev]

It seems that the imported hosted cluster is not available to explore. This blocks from attempting to install turtles, and the local cluster is not visible in this prime instance to debug more.

[CamrynCarter]

@Danil-Grigorev What if Turtles was already installed? Based on the RBAC, does it seem like provisioning with CAPI would be possible as a restricted admin (or equivalent permissions)? Let me know if getting a temporary environment with Turtles installed would help.

[Danil-Grigorev]

Having Turtles already installed would help. Since restricted admin can only access downstream clusters either should be true:

• Something has to create CAPI clusters in the local cluster if the user can’t create clusters with appropriate labels. CAPI infrastructure will be rolled out by turtles to allow clusters creation, but it will be restricted to default set of installed providers (Core, RKE2 CP…). If clusters have appropriate labels, then they will be automatically imported.
• If the hosted cluster in the provided environment is the downstream cluster, and it will manage the latter downstream CAPI clusters created by this, then there is a problem that turtles chart can’t be installed in child clusters, unless they are a rancher manager replica as well.

[CamrynCarter]

@Danil-Grigorev Can we proxy this using a regular Rancher instance that has Turtles installed and a restricted admin user instead of having a separate Hosted environment?