-
Notifications
You must be signed in to change notification settings - Fork 1
/
example_config.yaml
executable file
·67 lines (67 loc) · 1.88 KB
/
example_config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
version: v2.0.0
logger:
log_path: /var/log/athenz/webhook.log
log_trace: server,athenz,mapping
server:
port: 443
health_check_port: 8080
health_check_path: /healthz
timeout: 5s
shutdown_duration: 5s
probe_wait_time: 3s
tls:
enabled: true
cert: _cert_
key: _key_
ca: _ca_
athenz:
auth_header: Athenz-Principal-Auth
url: https://www.athenz.com/zts/v1
timeout: 5s
root_ca: _root_ca_
token:
athenz_domain: _athenz_domain_
service_name: _athenz_service_
ntoken_path: /tmp/ntoken
private_key: _athenz_private_key_
validate_token: false
refresh_duration: 10s
key_version: v1.0
expiration: 5s
map_rule:
tld:
name: aks
platform:
name: aks
# service_athenz_domains:
# - _tld_.k8s._segment_._uk-cluster_._namespace_._env_._k8s-cluster_._k8s-namespace_
service_athenz_domains:
- _kaas_namespace_.k8s._k8s_cluster_1._namespace_ # max-length = 44
- _kaas_namespace_.k8s._k8s_cluster_2._namespace_ # max-length = 44
# service_athenz_domains:
# - _namespace_.aks
# service_athenz_domains:
# - _namespace_.k8s
resource_mappings:
k8sResource1: athenzResource1
# k8sResource2: athenzResource2
# k8sResource3: athenzResource3
verb_mappings:
verb1: action1
# verb2: action2
# verb3: action3
api_group_control: true
api_group_mappings:
"": "core"
empty_namespace: all-namespace
resource_name_control: true
resource_name_mappings:
"resource": "resource"
non_resource_api_group: nonres
non_resource_namespace: nonres
service_account_prefixes:
- "system:serviceaccount:"
- "system-serviceaccount-"
athenz_user_prefix: user.
athenz_service_account_prefix: _kaas_namespace_.k8s._k8s_cluster_2._namespace_.service_account.
admin_athenz_domain: aks.admin