mirror of
https://github.com/gravitational/teleport
synced 2024-10-19 16:53:57 +00:00
40861809a6
This PR includes a new Role resource version that is compatible with V5 spec. The new resource introduces the `kubernetes_resources` definition that allows operators to limit the Kubernetes resources that each member can access.

The `kubernetes_resources` entries must follow the following format: `{"kind":"<kind>", "namespace":"<namespace>","name":"<pod>"}`. Currently, it only supports objects of `kind` `pod`.

Valid examples `<namespace>/<name>`:

- `*/*`: matches all pods in all namespaces.
- `default/*`: matches all pods in the `default` namespace.
- `*/nginx-*`: matches every pod prefixed with `nginx-` in every namespace.

For older resource versions - V5, V4, V3 - `kubernetes_resources` is automatically populated with `{"kind":"pod","namespace":"*","name":"*"}` to keep compatibility. For the newest version, it's mandatory to define its value; otherwise, access to pods will be denied.

Part of #18434

- sidecar.go
- tbot.go