Skip to content

Instantly share code, notes, and snippets.

@jkeam

jkeam/create-read-only-servicemesh-user.md

Created May 16, 2024 04:23
Show Gist options
  • Save jkeam/13675a5385243aad5ee2e042b6e0525b to your computer and use it in GitHub Desktop.
Save jkeam/13675a5385243aad5ee2e042b6e0525b to your computer and use it in GitHub Desktop.
Download ZIP
Create read only service mesh user
Raw
create-read-only-servicemesh-user.md

Create Read Only Servicemesh User

  1. Create user named ossm-viewer using htpasswd

  2. Either make the user a cluster-reader

oc adm policy add-cluster-role-to-user cluster-reader ossm-viewer
  1. Or apply the following yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ossm-reader-crole
rules:
- apiGroups: ["maistra.io/v1"]
  resources: ["*"]
  verbs: ["get", "watch", "list"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ossm-reader-crolebinding
subjects:
- kind: User
  name: ossm-viewer
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: ossm-reader-crole
  apiGroup: rbac.authorization.k8s.io
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment