
Commit 4e7d3b5

author
王骜
authored
feat(auth): reset abac policy (#1155)
1 parent b08fc5b commit 4e7d3b5


2 files changed

+3
-5
lines changed


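--- a/charts/tke-auth-api/templates/configmap.yaml
+++ b/charts/tke-auth-api/templates/configmap.yaml
@@ -6,8 +6,7 @@ metadata:
 {{- include "tke-auth-api.labels" . | nindent 4 }}
 data:
 abac-policy.json: |
-{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:kube-*|system:serviceaccount:kube-system:*","namespace":"*", "resource":"*","apiGroup":"*tkestack.io", "group": "*", "nonResourcePath":"*"}}
-{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"^system:serviceaccount:tke:default$","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
+{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
 tke-auth-api.toml: |
 [secure_serving]
 tls_cert_file = "/app/certs/tke-auth-api/tls.crt"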
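Review bot: The new `abac-policy.json` entry pairs `"user":"system:*"` with `*` for namespace, resource, apiGroup and nonResourcePath, so every identity the matcher counts as `system:`-prefixed gets unrestricted access. The two removed entries limited this to `system:kube-*` and kube-system service accounts on `*tkestack.io` groups, plus the single `tke:default` service account. The matcher is not visible here, but under prefix or glob matching this would likely cover every service account in every namespace (`system:serviceaccount:<ns>:<name>`) and `system:anonymous` if anonymous requests reach this API. If it is an unanchored regular expression, as the removed `^…$` entry suggests, `:*` means zero or more colons and any user name containing `system` would match. I would keep the entries scoped, with one anchored line per identity that needs access in the style of the removed `"user":"^system:serviceaccount:tke:default$"`, and record in the commit description which caller was being denied; the same line is introduced in `cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml`.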

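--- a/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
+++ b/cmd/tke-installer/app/installer/manifests/tke-auth-api/tke-auth-api.yaml
@@ -86,8 +86,7 @@ metadata:
 namespace: tke
 data:
 abac-policy.json: |
-{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:kube-*|system:serviceaccount:kube-system:*","namespace":"*", "resource":"*","apiGroup":"*tkestack.io", "group": "*", "nonResourcePath":"*"}}
-{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"^system:serviceaccount:tke:default$","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
+{"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"system:*","namespace":"*", "resource":"*","apiGroup":"*", "group": "*", "nonResourcePath":"*"}}
 tke-auth-api.toml: |
 [secure_serving]
 tls_cert_file = "/app/certs/server.crt"
@@ -159,4 +158,4 @@ data:
 cluster: tke
 name: tke
 
-{{- end }}
+{{- end }}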
