Rbac - Code Search

plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml

    - patch
    - update
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:controller:clusterrole-aggregation-controller
  rules:
  - apiGroups:
    - rbac.authorization.k8s.io
    resources:

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed Mar 06 00:00:21 UTC 2024

- 26.6K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-role-bindings.yaml

apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:controller:attachdetach-controller
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:controller:attachdetach-controller

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed Mar 06 00:00:21 UTC 2024

- 16.9K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/security/authz/builder/builder.go

			ConfigType: &listener.Filter_TypedConfig{TypedConfig: protoconv.MessageToAny(rbac)},
		},
		{
			Name:       wellknown.ExternalAuthorization,
			ConfigType: &listener.Filter_TypedConfig{TypedConfig: protoconv.MessageToAny(extauthz.tcp)},
		},
	}
}

func getBadCustomDenyRules(rules *rbacpb.RBAC) *rbacpb.RBAC {
	rbac := &rbacpb.RBAC{
		Action:   rbacpb.RBAC_DENY,
		Policies: map[string]*rbacpb.Policy{},
	}

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Mon Nov 20 22:15:12 UTC 2023

- 12.6K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

staging/src/k8s.io/api/rbac/v1beta1/types.go

// +k8s:prerelease-lifecycle-gen:deprecated=1.17
// +k8s:prerelease-lifecycle-gen:removed=1.22
// +k8s:prerelease-lifecycle-gen:replacement=rbac.authorization.k8s.io,v1,Role

// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 Role, and will no longer be served in v1.22.
type Role struct {
	metav1.TypeMeta `json:",inline"`

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Thu Mar 28 22:49:19 UTC 2024

- 13.1K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/networking/grpcgen/lds.go

		if rules != nil && len(rules.Policies) > 0 {
			rbac := &rbachttp.RBAC{
				Rules: rules,
			}
			fc = append(fc,
				&hcm.HttpFilter{
					Name:       RBACHTTPFilterNameDeny,
					ConfigType: &hcm.HttpFilter_TypedConfig{TypedConfig: protoconv.MessageToAny(rbac)},
				})
		}
		arules := buildRBAC(node, push, nameSuffix, tlsContext, rbacpb.RBAC_ALLOW, policies.Allow)

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Wed Apr 17 22:20:44 UTC 2024

- 14.6K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

pkg/api/testing/defaulting_test.go

		{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBinding"}:                      {},
		{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBindingList"}:                  {},
		{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "RoleBinding"}:                             {},

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed Mar 06 00:00:21 UTC 2024

- 20.3K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

staging/src/k8s.io/api/rbac/v1alpha1/types.go

	ServiceAccountKind = "ServiceAccount"
	UserKind           = "User"

	// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
	AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
)

// Authorization is calculated against
// 1. evaluation of ClusterRoleBindings - short circuit on match

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Thu Mar 28 22:49:19 UTC 2024

- 11.2K bytes

- Viewed (0)

github.com/istio/istio

samples/addons/kiali.yaml

    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: "kiali"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kiali
subjects:
- kind: ServiceAccount
  name: kiali
  namespace: istio-system
...
---
# Source: kiali-server/templates/role-controlplane.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kiali-controlplane
  namespace: istio-system

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Wed Jun 12 18:57:35 UTC 2024

- 10.6K bytes

- Viewed (0)

github.com/istio/istio

samples/security/spire/spire-quickstart.yaml

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: spire-server-cluster-role-binding
subjects:
- kind: ServiceAccount
  name: spire-server
  namespace: spire
roleRef:
  kind: ClusterRole
  name: spire-server-cluster-role
  apiGroup: rbac.authorization.k8s.io

---
# Role for the SPIRE server.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: spire

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Oct 12 16:12:42 UTC 2023

- 32.2K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/security/authz/builder/testdata/tcp/deny-both-http-tcp-out.yaml

name: envoy.filters.network.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC
  rules:
    action: DENY
    policies:
      ns[foo]-policy[httpbin-deny]-rule[0]:
        permissions:
        - andRules:
            rules:
            - any: true
        principals:
        - andIds:
            ids:
            - any: true
      ns[foo]-policy[httpbin-deny]-rule[1]:
        permissions:

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Tue Oct 17 16:35:46 UTC 2023

- 11.1K bytes

- Viewed (0)

Search Options