feat(auth): reset abac policy (#1155)
wangao1236 committed Mar 25, 2021
1 parent b08fc5b commit 4e7d3b5
Showing 2 changed files with 3 additions and 5 deletions.
3 changes: 1 addition & 2 deletions charts/tke-auth-api/templates/configmap.yaml
@@ -6,8 +6,7 @@ metadata:
{{- include "tke-auth-api.labels" . | nindent 4 }}
data:
abac-policy.json: |
{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:kube-*|system:serviceaccount:kube-system:*","namespace":"*", "resource":"*","apiGroup":"*tkestack.io", "group": "*", "nonResourcePath":"*"}}
{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"^system:serviceaccount:tke:default$","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
tke-auth-api.toml: |
[secure_serving]
tls_cert_file = "/app/certs/tke-auth-api/tls.crt"
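Review bot: The `"user":"system:*"` entry in `abac-policy.json` (the last of the three policy lines here; the rendered page has lost its +/- markers, so this assumes it is the line the commit adds) authorizes every identity matching `system:*` for all namespaces, resources, API groups and non-resource paths, where the neighbouring entries were scoped to `kube-system` service accounts on `*tkestack.io` and to the anchored `^system:serviceaccount:tke:default$`. Depending on how the auth API matches the `user` field, that pattern may also cover `system:anonymous` and any other `system:`-prefixed name an authenticator can emit, so it is worth confirming that unauthenticated requests are rejected before this authorizer runs. If the broad rule is intended, record why with a comment above the key, for example `# abac-policy.json: system:* grants full access to all system: identities; anonymous auth must stay disabled`; otherwise keep an anchored, enumerated form like the existing `^system:serviceaccount:tke:default$` entry. The identical policy line appears in the second file section on this page (the ConfigMap with `namespace: tke`), and the same point applies there.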
@@ -86,8 +86,7 @@ metadata:
namespace: tke
data:
abac-policy.json: |
{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:kube-*|system:serviceaccount:kube-system:*","namespace":"*", "resource":"*","apiGroup":"*tkestack.io", "group": "*", "nonResourcePath":"*"}}
{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"^system:serviceaccount:tke:default$","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
tke-auth-api.toml: |
[secure_serving]
tls_cert_file = "/app/certs/server.crt"
@@ -159,4 +158,4 @@ data:
cluster: tke
name: tke
{{- end }}
{{- end }}
