rbac.tsb.tetrate.io/v2
Resource Types:
AccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | AccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
AccessBindings.spec
AccessBindings
assigns permissions to users of any TSB resource.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the target resource. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
AccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
AccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
APIAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | APIAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
APIAccessBindings.spec
APIAccessBindings
assigns permissions to users of APIs.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
APIAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
APIAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
ApplicationAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | ApplicationAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
ApplicationAccessBindings.spec
ApplicationAccessBindings
assigns permissions to users of applications.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
ApplicationAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
ApplicationAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
GatewayAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | GatewayAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
GatewayAccessBindings.spec
GatewayAccessBindings
assigns permissions to users of gateway groups.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
GatewayAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
GatewayAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
IstioInternalAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | IstioInternalAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
IstioInternalAccessBindings.spec
IstioInternalAccessBindings
assigns permissions to users of istio internal groups.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
IstioInternalAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
IstioInternalAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
OrganizationAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | OrganizationAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
OrganizationAccessBindings.spec
OrganizationAccessBindings
assigns permissions to users of organizations.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | false | |
etag | string | false | |
fqn | string | false |
OrganizationAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
OrganizationAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
Role
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | Role | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
Role.spec
Role
is a named collection of permissions that can be assigned to any user or team in the system.
Name | Type | Description | Required |
---|---|---|---|
description | string | A description of the resource. | false |
displayName | string | User friendly name for the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
rules | []object | A set of rules that define the permissions associated with each API group. | false |
Role.spec.rules[index]
Name | Type | Description | Required |
---|---|---|---|
permissions | []enum | The set of actions allowed for these APIs. | true |
types | []object | The set of API groups and the api Kinds within the group on which this rule is applicable. | false |
Role.spec.rules[index].types[index]
Name | Type | Description | Required |
---|---|---|---|
apiGroup | string | A specific API group such as traffic.tsb.tetrate.io/v2. | true |
kinds | []string | Specific kinds of APIs under the API group. | false |
scopedAt | []object | The list of parent types where the defined kinds will be scoped under. | false |
Role.spec.rules[index].types[index].scopedAt[index]
Name | Type | Description | Required |
---|---|---|---|
apiGroup | string | A specific API group such as traffic.tsb.tetrate.io/v2. | true |
kind | string | Specific kind of API under the API group. | true |
SecurityAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | SecurityAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
SecurityAccessBindings.spec
SecurityAccessBindings
assigns permissions to users of security groups.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
SecurityAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
SecurityAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
TenantAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | TenantAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
TenantAccessBindings.spec
TenantAccessBindings
assigns permissions to users of tenants.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
TenantAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
TenantAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
TrafficAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | TrafficAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
TrafficAccessBindings.spec
TrafficAccessBindings
assigns permissions to users of traffic groups.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
TrafficAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
TrafficAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |
WorkspaceAccessBindings
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
kind | string | WorkspaceAccessBindings | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object |
| false |
status | object | false |
WorkspaceAccessBindings.spec
WorkspaceAccessBindings
assigns permissions to users of workspaces.
Name | Type | Description | Required |
---|---|---|---|
allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | false |
description | string | A description of the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
WorkspaceAccessBindings.spec.allow[index]
Name | Type | Description | Required |
---|---|---|---|
role | string | The role that defines the permissions that will be granted to the target resource. | true |
subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
WorkspaceAccessBindings.spec.allow[index].subjects[index]
Name | Type | Description | Required |
---|---|---|---|
serviceAccount | string | A service account in TSB. | false |
team | string | A team in TSB, created through LDAP sync or API. | false |
user | string | A user in TSB, created through LDAP sync or API. | false |