jkeam/create-read-only-servicemesh-user.md

Created May 16, 2024 04:23

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jkeam/13675a5385243aad5ee2e042b6e0525b.js"></script>
Save jkeam/13675a5385243aad5ee2e042b6e0525b to your computer and use it in GitHub Desktop.

Download ZIP

Create read only service mesh user

Raw

create-read-only-servicemesh-user.md

Create Read Only Servicemesh User

Create user named ossm-viewer using htpasswd
Either make the user a cluster-reader

oc adm policy add-cluster-role-to-user cluster-reader ossm-viewer

Or apply the following yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ossm-reader-crole
rules:
- apiGroups: ["maistra.io/v1"]
  resources: ["*"]
  verbs: ["get", "watch", "list"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ossm-reader-crolebinding
subjects:
- kind: User
  name: ossm-viewer
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: ossm-reader-crole
  apiGroup: rbac.authorization.k8s.io

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment