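# Sample PolicyRule whose Rego policy defaults to allow and defines no other
# rule.
# Security: with scope Global, this policy allows every request it is asked
# to decide. Keep it to test fixtures; do not bind it in a real cluster.
apiVersion: iam.kubesphere.io/v1alpha2
kind: PolicyRule
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: always-allow
# NOTE(review): indentation was lost in this listing. scope and rego are put
# at the top level because they are not metadata fields; confirm against the
# PolicyRule CRD.
scope: Global
# Literal block scalar, like the other rules in this file. Inside single
# quotes YAML keeps "\n" as a backslash followed by "n", so the previous
# one-line form never placed the default rule on its own line.
rego: |
  package authz
  default allow = true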
---
# Sample PolicyRule whose Rego policy defaults to deny and defines no allow
# rule, so this policy never yields allow.
apiVersion: iam.kubesphere.io/v1alpha2
kind: PolicyRule
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: always-deny
# NOTE(review): indentation was lost in this listing. scope and rego are put
# at the top level because they are not metadata fields; confirm against the
# PolicyRule CRD.
scope: Global
# The literal block scalar keeps the two Rego lines on separate lines.
rego: |
  package authz
  default allow = false
---
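# Sample PolicyRule: deny by default, allow when the requested resource is
# "clusters".
# Security: the allow rule tests only input.Resource. It does not constrain
# the verb or the caller, so every request on that resource is allowed
# wherever this rule applies.
apiVersion: iam.kubesphere.io/v1alpha2
kind: PolicyRule
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: cluster-manage
# NOTE(review): indentation was lost in this listing. scope and rego are put
# at the top level because they are not metadata fields; confirm against the
# PolicyRule CRD.
scope: Global
# Rego string literals take double quotes (or backticks for raw strings);
# the single-quoted 'clusters' in the earlier form does not parse as Rego.
rego: |
  package authz
  default allow = false
  allow {
    input.Resource == "clusters"
  }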
---
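# Sample PolicyRule with Namespace scope: deny by default, allow when the
# requested resource is "clusters".
# Security: the allow rule tests only input.Resource. It does not constrain
# the verb, the caller or the namespace.
# NOTE(review): the name and scope point at namespace management, yet the
# condition is the same "clusters" check as in cluster-manage. This looks
# copied; confirm which resource the rule is meant to match.
apiVersion: iam.kubesphere.io/v1alpha2
kind: PolicyRule
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: some-namespace-manage
# NOTE(review): indentation was lost in this listing. scope and rego are put
# at the top level because they are not metadata fields; confirm against the
# PolicyRule CRD.
scope: Namespace
# Rego string literals take double quotes (or backticks for raw strings);
# the single-quoted 'clusters' in the earlier form does not parse as Rego.
rego: |
  package authz
  default allow = false
  allow {
    input.Resource == "clusters"
  }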