clean old devops code
todo impl use informer Signed-off-by: runzexia <runzexia@yunify.com>
This commit is contained in:
runzexia
55
config/samples/iam_v1alpha2_policyrule.yaml
Normal file
55
config/samples/iam_v1alpha2_policyrule.yaml
Normal file
@@ -0,0 +1,55 @@
|
||||
apiVersion: iam.kubesphere.io/v1alpha2
|
||||
kind: PolicyRule
|
||||
metadata:
|
||||
labels:
|
||||
controller-tools.k8s.io: "1.0"
|
||||
name: always-allow
|
||||
scope: Global
|
||||
rego: 'package authz\ndefault allow = true'
|
||||
|
||||
---
|
||||
|
||||
apiVersion: iam.kubesphere.io/v1alpha2
|
||||
kind: PolicyRule
|
||||
metadata:
|
||||
labels:
|
||||
controller-tools.k8s.io: "1.0"
|
||||
name: always-deny
|
||||
scope: Global
|
||||
rego: |
|
||||
package authz
|
||||
default allow = false
|
||||
|
||||
---
|
||||
|
||||
apiVersion: iam.kubesphere.io/v1alpha2
|
||||
kind: PolicyRule
|
||||
metadata:
|
||||
labels:
|
||||
controller-tools.k8s.io: "1.0"
|
||||
name: cluster-manage
|
||||
scope: Global
|
||||
rego: |
|
||||
package authz
|
||||
default allow = false
|
||||
allow {
|
||||
input.Resource == 'clusters'
|
||||
}
|
||||
|
||||
---
|
||||
|
||||
apiVersion: iam.kubesphere.io/v1alpha2
|
||||
kind: PolicyRule
|
||||
metadata:
|
||||
labels:
|
||||
controller-tools.k8s.io: "1.0"
|
||||
name: some-namespace-manage
|
||||
scope: Namespace
|
||||
rego: |
|
||||
package authz
|
||||
default allow = false
|
||||
allow {
|
||||
input.Resource == 'clusters'
|
||||
}
|
||||
|
||||
|
||||
30
config/samples/iam_v1alpha2_role.yaml
Normal file
30
config/samples/iam_v1alpha2_role.yaml
Normal file
@@ -0,0 +1,30 @@
|
||||
apiVersion: iam.kubesphere.io/v1alpha2
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
controller-tools.k8s.io: "1.0"
|
||||
name: cluster-admin
|
||||
target:
|
||||
scope: Global
|
||||
name: ''
|
||||
rules:
|
||||
- apiGroup: iam.kubesphere.io/v1alpha2
|
||||
kind: PolicyRule
|
||||
name: always-allow
|
||||
|
||||
---
|
||||
|
||||
apiVersion: iam.kubesphere.io/v1alpha2
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
controller-tools.k8s.io: "1.0"
|
||||
name: anonymous
|
||||
target:
|
||||
scope: Global
|
||||
name: ''
|
||||
rules:
|
||||
- apiGroup: iam.kubesphere.io/v1alpha2
|
||||
kind: PolicyRule
|
||||
name: always-deny
|
||||
|
||||
15
config/samples/iam_v1alpha2_rolebinding.yaml
Normal file
15
config/samples/iam_v1alpha2_rolebinding.yaml
Normal file
@@ -0,0 +1,15 @@
|
||||
apiVersion: iam.kubesphere.io/v1alpha2
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
controller-tools.k8s.io: "1.0"
|
||||
name: cluster-admin
|
||||
scope: Global
|
||||
roleRef:
|
||||
apiGroup: iam.kubesphere.io/v1alpha2
|
||||
kind: Role
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- apiGroup: iam.kubesphere.io/v1alpha2
|
||||
kind: User
|
||||
name: admin
|
||||
@@ -6,4 +6,4 @@ metadata:
|
||||
name: admin
|
||||
spec:
|
||||
email: admin@kubesphere.io
|
||||
password: d41d8cd98f00b204e9800998ecf8427e
|
||||
password: P@88w0rd
|
||||
|
||||
Reference in New Issue
Block a user