Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Clean Example of Authn-K8s Policy for CyberArk DAP & Conjur Open Source
- !policy
id: conjur/authn-k8s/conjur-follower
#Subpolicy to define all things required for OpenShift Authentication
body:
- !webservice
annotations:
description: Authentication service definition for follower namespace
- !policy #policy definition for CA - used as part of authenticator
id: ca
body:
- !variable
id: cert
annotations:
description: CA Cert for OpenShift Pods
- !variable
id: key
annotations:
description: Corresponding CA key for OpenShift Pod Cert
- !policy
id: apps
annotations:
description: Apps policy - all hosts must be members for OpenShift auth
body:
- !layer #creating "group of applications" for ease of provisioning
- &PetShelterAppHosts
- !host
id: secure-pet-shelter/*/*
annotations:
kubernetes/authentication-container-name: authenticator
openshift: true
- &Go-AppHosts
- !host
id: go-app/*/*
annotations:
kubernetes/authentication-container-name: authenticator
openshift: true
- !grant
role: !layer
members: *PetShelterAppHosts
- !grant
role: !layer
members: *Go-AppHosts
- !permit
resource: !webservice
privileges: [ read, authenticate ]
role: !layer /conjur/authn-k8s/conjur-follower/apps
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.