mirror of
https://github.com/gravitational/teleport
synced 2024-10-19 16:53:57 +00:00
40861809a6
This PR includes a new Role resource version that is compatible with V5 spec.
The new resource introduces the `kubernetes_resources` definition that allows operators to limit the Kubernetes resources that each member can access. The `kubernetes_resources` entries must follow the following format: `{"kind":"<kind>", "namespace":"<namespace>","name":"<pod>"}`. Currently, it only supports objects of `kind` `pod`. Valid examples `<namespace>/<name>:
- `*/*`: matches all pods in all namespaces.
- `default/*`: matches all pods in the `default` namespace.
- `*/nginx-*`: matches every pod prefixed with `nginx-` in every namespace.
For older resource versions - V5, V4, V3 - `kubernetes_resources` is automatically populated with `{"kind":"pod","namespace":"*","name":"*"}` to keep compatibility. For the newest version, it's mandatory to define its value otherwise access to pods will be denied.
Part of #18434
|
||
|---|---|---|
| .. | ||
| resources.teleport.dev_githubconnectors.yaml | ||
| resources.teleport.dev_oidcconnectors.yaml | ||
| resources.teleport.dev_roles.yaml | ||
| resources.teleport.dev_samlconnectors.yaml | ||
| resources.teleport.dev_users.yaml | ||