Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 18 for rbac (0.03 sec)

  1. manifests/addons/values-grafana.yaml

    # Avoid creating a bunch of RBAC rules for features we are not enabling
    rbac:
      create: false
      pspEnabled: false
    
    # Disable test pods
    testFramework:
      enabled: false
    
    podLabels:
      sidecar.istio.io/inject: "false"
    
    # Demo only, so we will have no authentication
    admin:
      existingSecret: ""
    ldap:
      existingSecret: true
    env:
      GF_SECURITY_ADMIN_USER: "admin"
      GF_SECURITY_ADMIN_PASSWORD: "admin"
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jun 12 20:46:28 UTC 2024
    - 1.7K bytes
    - Viewed (0)
  2. istioctl/pkg/describe/describe.go

    		return []string{}, err
    	}
    
    	// Identify RBAC policies. Currently there are no "breadcrumbs" so we only return the policy names.
    	for _, httpFilter := range hcm.HttpFilters {
    		if httpFilter.Name == wellknown.HTTPRoleBasedAccessControl {
    			rbac := &rbachttp.RBAC{}
    			if err := httpFilter.GetTypedConfig().UnmarshalTo(rbac); err == nil {
    				policies := []string{}
    				for polName := range rbac.Rules.Policies {
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Thu Oct 24 17:36:49 UTC 2024
    - 50.6K bytes
    - Viewed (0)
  3. istioctl/pkg/precheck/precheck.go

    		group     string
    		version   string
    		resource  string
    	}{
    		{
    			version:  "v1",
    			resource: "namespaces",
    		},
    		{
    			group:    "rbac.authorization.k8s.io",
    			version:  "v1",
    			resource: "clusterroles",
    		},
    		{
    			group:    "rbac.authorization.k8s.io",
    			version:  "v1",
    			resource: "clusterrolebindings",
    		},
    		{
    			group:    "apiextensions.k8s.io",
    			version:  "v1",
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Thu Oct 24 02:31:32 UTC 2024
    - 15.3K bytes
    - Viewed (0)
  4. architecture/tests/integration.md

    - **Focus**:
      1. Authentication and authorization mechanisms.
      1. Interaction between security components and Istio control plane.
      1. Validation of mutual TLS (mTLS) configurations.
      1. Testing of JWT token validation and RBAC policies.
      1. Validation of certificate management and rotation.
    - **Setup**: The main test setup in this folder initializes the Istio control plane with security configurations.
    
    ## Adding a New Integration Test
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Oct 09 00:57:44 UTC 2024
    - 5.9K bytes
    - Viewed (0)
  5. cni/README.md

        - [RBAC](https://docs.projectcalico.org/v3.2/getting-started/kubernetes/installation/rbac.yaml) - this creates the service account the CNI plugin is configured to use to access the kube-api-server...
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jul 17 23:10:17 UTC 2024
    - 10.5K bytes
    - Viewed (0)
  6. architecture/ambient/ztunnel.md

    This is fairly straightforward.
    
    First, we need to check that this traffic is allowed.
    Traffic may be denied by RBAC policies (especially from a `STRICT` mode enforcement, which denies plaintext traffic).
    
    If it is allowed, we will forward to the target destination.
    
    #### Hairpin
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jul 17 23:10:17 UTC 2024
    - 16.8K bytes
    - Viewed (0)
  7. CHANGELOG/CHANGELOG-1.32.md

      Similarly you can also access  kubelet's `/pods` endpoint to fetch a list of Pods bound to that node by granting the caller `nodes/pods` permission in RBAC.
      Similarly you can also access kubelet's `/configz` endpoint to fetch kubelet's configuration by granting the caller `nodes/configz` permission in RBAC.
    Registered: Fri Nov 01 09:05:11 UTC 2024
    - Last Modified: Tue Oct 29 20:17:52 UTC 2024
    - 121.6K bytes
    - Viewed (0)
  8. CHANGELOG/CHANGELOG-1.29.md

     - `kubeadm`: a separate "super-admin.conf" file is now deployed. The User in `admin.conf` is now bound to a new RBAC Group `kubeadm:cluster-admins` that has `cluster-admin` `ClusterRole` access. The User in `super-admin.conf` is now bound to the `system:masters` built-in super-powers / break-glass Group that can bypass RBAC. Before this change, the default `admin.conf` was bound to `system:masters` Group, which was undesired. Executing `kubeadm init phase kubeconfig...
    Registered: Fri Nov 01 09:05:11 UTC 2024
    - Last Modified: Wed Oct 23 04:37:31 UTC 2024
    - 375.1K bytes
    - Viewed (1)
  9. CHANGELOG/CHANGELOG-1.30.md

    - Kubeadm: avoided uploading a defaulted flag value "--authorization-mode=Node,RBAC" for the kube-apiserver in the ClusterConfiguration stored in the "kube-system/kubeadm-config" ConfigMap. "Node,RBAC" are already the kubeadm defaults for this flag, so this action is redundant. ([#123555](https://github.com/kubernetes/kubernetes/pull/123555), [@neolit123](https://github.com/neolit123))
    Registered: Fri Nov 01 09:05:11 UTC 2024
    - Last Modified: Wed Oct 23 04:40:14 UTC 2024
    - 309.1K bytes
    - Viewed (0)
  10. docs/iam/policies/pbac-tests.sh

    Harshavardhana <******@****.***> 1719251988 -0700
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Jun 25 01:15:27 UTC 2024
    - 2.5K bytes
    - Viewed (0)
Back to top