- !policy
  id: conjur/authn-k8s/conjur-follower
  # Subpolicy to define all things required for OpenShift Authentication
  body:
  - !webservice
    annotations:
      description: Authentication service definition for follower namespace

  - !policy # policy definition for CA - used as part of authenticator
    id: ca
    body:
    - !variable
      id: cert
      annotations:
        description: CA Cert for OpenShift Pods
    - !variable
      id: key
      annotations:
        description: Corresponding CA key for OpenShift Pod Cert

  - !policy
    id: apps
    annotations:
      description: Apps policy - all hosts must be members for OpenShift auth
    body:
    - !layer # creating "group of applications" for ease of provisioning

    - &PetShelterAppHosts
      - !host
        id: secure-pet-shelter/*/*
        annotations:
          kubernetes/authentication-container-name: authenticator
          openshift: true

    - &Go-AppHosts
      - !host
        id: go-app/*/*
        annotations:
          kubernetes/authentication-container-name: authenticator
          openshift: true

    - !grant
      role: !layer
      members: *PetShelterAppHosts

    - !grant
      role: !layer
      members: *Go-AppHosts

  - !permit
    resource: !webservice
    privileges: [ read, authenticate ]
    role: !layer /conjur/authn-k8s/conjur-follower/apps