Skip to main content
logoTetrate Service BridgeVersion: next

rbac.tsb.tetrate.io/v2

Resource Types:

AccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

AccessBindings assigns permissions to users of any TSB resource.

false
statusobject
false

AccessBindings.spec

↩ Parent

AccessBindings assigns permissions to users of any TSB resource.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the target resource.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false

AccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

AccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

APIAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringAPIAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

APIAccessBindings assigns permissions to users of APIs.

false
statusobject
false

APIAccessBindings.spec

↩ Parent

APIAccessBindings assigns permissions to users of APIs.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

APIAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

APIAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

ApplicationAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringApplicationAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

ApplicationAccessBindings assigns permissions to users of applications.

false
statusobject
false

ApplicationAccessBindings.spec

↩ Parent

ApplicationAccessBindings assigns permissions to users of applications.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

ApplicationAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

ApplicationAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

GatewayAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringGatewayAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

GatewayAccessBindings assigns permissions to users of gateway groups.

false
statusobject
false

GatewayAccessBindings.spec

↩ Parent

GatewayAccessBindings assigns permissions to users of gateway groups.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

GatewayAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

GatewayAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

IstioInternalAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringIstioInternalAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

IstioInternalAccessBindings assigns permissions to users of istio internal groups.

false
statusobject
false

IstioInternalAccessBindings.spec

↩ Parent

IstioInternalAccessBindings assigns permissions to users of istio internal groups.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

IstioInternalAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

IstioInternalAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

OrganizationAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringOrganizationAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

OrganizationAccessBindings assigns permissions to users of organizations.

false
statusobject
false

OrganizationAccessBindings.spec

↩ Parent

OrganizationAccessBindings assigns permissions to users of organizations.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring
false
etagstring
false
fqnstring
false

OrganizationAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

OrganizationAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

Role

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringRoletrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

Role is a named collection of permissions that can be assigned to any user or team in the system.

false
statusobject
false

Role.spec

↩ Parent

Role is a named collection of permissions that can be assigned to any user or team in the system.

NameTypeDescriptionRequired
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
rules[]object

A set of rules that define the permissions associated with each API group.

false

Role.spec.rules[index]

↩ Parent

NameTypeDescriptionRequired
permissions[]enum

The set of actions allowed for these APIs.

true
types[]object

The set of API groups and the api Kinds within the group on which this rule is applicable.

false

Role.spec.rules[index].types[index]

↩ Parent

NameTypeDescriptionRequired
apiGroupstring

A specific API group such as traffic.tsb.tetrate.io/v2.

true
kinds[]string

Specific kinds of APIs under the API group.

false
scopedAt[]object

The list of parent types where the defined kinds will be scoped under.

false

Role.spec.rules[index].types[index].scopedAt[index]

↩ Parent

NameTypeDescriptionRequired
apiGroupstring

A specific API group such as traffic.tsb.tetrate.io/v2.

true
kindstring

Specific kind of API under the API group.

true

SecurityAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringSecurityAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

SecurityAccessBindings assigns permissions to users of security groups.

false
statusobject
false

SecurityAccessBindings.spec

↩ Parent

SecurityAccessBindings assigns permissions to users of security groups.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

SecurityAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

SecurityAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

TenantAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringTenantAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

TenantAccessBindings assigns permissions to users of tenants.

false
statusobject
false

TenantAccessBindings.spec

↩ Parent

TenantAccessBindings assigns permissions to users of tenants.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

TenantAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

TenantAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

TrafficAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringTrafficAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

TrafficAccessBindings assigns permissions to users of traffic groups.

false
statusobject
false

TrafficAccessBindings.spec

↩ Parent

TrafficAccessBindings assigns permissions to users of traffic groups.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

TrafficAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

TrafficAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false

WorkspaceAccessBindings

↩ Parent

NameTypeDescriptionRequired
apiVersionstringrbac.tsb.tetrate.io/v2true
kindstringWorkspaceAccessBindingstrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject

WorkspaceAccessBindings assigns permissions to users of workspaces.

false
statusobject
false

WorkspaceAccessBindings.spec

↩ Parent

WorkspaceAccessBindings assigns permissions to users of workspaces.

NameTypeDescriptionRequired
allow[]object

The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

false
descriptionstring

A description of the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false

WorkspaceAccessBindings.spec.allow[index]

↩ Parent

NameTypeDescriptionRequired
rolestring

The role that defines the permissions that will be granted to the target resource.

true
subjects[]object

The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

false

WorkspaceAccessBindings.spec.allow[index].subjects[index]

↩ Parent

NameTypeDescriptionRequired
serviceAccountstring

A service account in TSB.

false
teamstring

A team in TSB, created through LDAP sync or API.

false
userstring

A user in TSB, created through LDAP sync or API.

false