Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-9287

Fernet key rotation - RBAC

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • rhos-18.0 FR 1 (Nov 2024)
    • None
    • None
    • None
    • DFG Security: UC Sprint 101
    • 1

      To give the new job access to modifying secrets, we'll need to create an RBAC role, this might be a starting point:

      kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: <role-name>
  namespace: <namespace>
rules:
- apiGroups: [""]
  resources:
  - secrets
  verbs:
  - 'delete'
  - 'create'
  - 'patch'
  - 'get'

---

kind: ServiceAccount
apiVersion: v1
metadata:
  name: <service-account>
  namespace: <namespace>

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: <role-binding>
  namespace: <namespace>
subjects:
- kind: ServiceAccount
  name: <service-account>
  namespace: <namespace>
roleRef:
  kind: Role
  name: <role-name>
  apiGroup: ""

       

       

              ggrasza@redhat.com Grzegorz Grasza
              ggrasza@redhat.com Grzegorz Grasza
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: