...
| Code Block |
|---|
# user-mgmt-service:
# config:
# # Learn more:
# # - "reserved" built group names (should not to be used):
# # "kf_admin", "kf_reader_all"
# # - in built scope types:
# # scope_allow_all, scope_viewer_all, scope_allow_none
# # - role types:
# # admin, editor, viewer
# # Kloudfuse has following inbuilt RBAC policies
# # rbac_allow_all - allows all operations for everyone
# # rbac_allow_none - No accesss
# # rbac_view_all - allow all READ operations for everyone
# #
# default_rbac_policy: rbac_allow_all
# groups:
# - name: group_admin
# users:
# - id_key: X-Auth-Request-Email
# value: admin1@company.com
# - name: group_viewer_target_namespace
# users:
# - id_key: X-Auth-Request-Email
# value: op1@company.com
# - name: group_editor_otel_namespace
# users:
# - id_key: X-Auth-Request-User
# value: maintainer2userid
# rbac_policies:
# - name: rbac_viewer_target_namespace
# role: viewer
# scope:
# filters:
# - key: kube_namespace
# op: =
# value: target
# type: custom
# - name: rbac_editor_otel_namespace
# role: editor
# scope:
# filters:
# - key: kube_namespace
# op: =
# value: otel-demo-app
# type: custom
# rbac_configs:
# - group: group_admin
# policy: scope_allow_all
# - group: group_viewer_target_namespace
# policy: rbac_viewer_target_namespace
# - group: group_editor_otel_namespace
# policy: rbac_editor_otel_namespace |
...