Generating Deployment Profiles
Deployment Profiles are a way of both providing first-time default settings for Rancher Desktop, and locking down any or all of the application settings. The purpose of this guide is to demonstrate how to create deployment profiles. General information about deployment profiles are further detailed in Getting Started > Deployment Profiles.
If your organization has its own methods of remotely configuring users' systems, it is out of the scope of this document.
Where do deployment profiles get installed?​
The profile locations vary for each platform. We'll cover them from the simplest to most complex, and it is worth noting the file generation steps below will refer to these locations:
Linux​
User deployments are stored in:
~/.config/rancher-desktop.defaults.json
~/.config/rancher-desktop.locked.json
If the XDG_CONFIG_HOME
environment variable is set, the user deployments are stored there instead of in ~/.config/...
.
System deployments always go in:
/etc/rancher-desktop/defaults.json
/etc/rancher-desktop/locked.json
As is apparent from the filenames' extensions, they are json
files.
macOS​
User deployments are stored in:
~/Library/Preferences/io.rancherdesktop.profile.defaults.plist
~/Library/Preferences/io.rancherdesktop.profile.locked.plist
System deployments always go in:
/Library/Preferences/io.rancherdesktop.profile.defaults.plist
/Library/Preferences/io.rancherdesktop.profile.locked.plist
These two lists look similar but differ in permissions. The user-deployments go under the user's home directory, while the system deployments are in the common /Library/
tree, and cannot be modified by users without root privileges.
These files are all in a plain-text form of Apple's plist
format, an XML-based language. It is possible to manually create these files, and the process is described below in "Generating Deployments".
Windows​
The Windows deployments are stored in the registry. User deployments are stored at:
HKEY_CURRENT_USER\SOFTWARE\Policies\Rancher Desktop\Defaults
HKEY_CURRENT_USER\SOFTWARE\Policies\Rancher Desktop\Locked
And the system deployments are stored at:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Rancher Desktop\Defaults
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Rancher Desktop\Locked
The structure of the registry instances follows the structure of the JSON files for the other platforms. The name of a non-leaf node in the JSON structure (a name to the left of a ":") will appear as a registry key. Leaf nodes appear as key-value pairs in the right-hand pane of a key's view where the key is the field's name. And hash-like objects (like WSL.integrations
) also appear as key-value pairs, in this case for the key ...\WSL\integrations
.
Additionally, if you're coding against the registry, names are always case-insensitive. Feel free to use all lower-case, UPPER-CASE, or spOnGeBoBCasE.
Generating deployments​
The easiest way to do this is on a system already running Rancher Desktop, mainly for its rdctl
command-line tool, and the default list of settings.
First, you're going to want to verify that the deployments you create make sense on a working Rancher Desktop, so the rest of this document assumes you'll have access to it. Rancher Desktop runs on air-gapped systems, so if you're creating deployments for security-related reasons, security shouldn't be a concern while creating them.
Prerequisite​
We also assume you've installed the jq
json tool. If you have a preferred variant, simply substitute it for jq
in the following text.