vcluster-blog
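# OpenUnison Helm values for the cluster that hosts the vclusters
# (k8s_cluster_name: vcluster-control-plane).
# NOTE(review): the page rendering dropped all indentation; the nesting below
# is reconstructed from key order. Confirm it against the chart's values
# reference before applying.
network:
  openunison_host: "k8sou.apps.212.2.242.251.nip.io"
  dashboard_host: "k8sdb.apps.212.2.242.251.nip.io"
  api_server_host: "k8sapi.apps.212.2.242.251.nip.io"
  session_inactivity_timeout_seconds: 900
  # NOTE(review): 0.0.0.0 looks like a placeholder, not a reachable API server
  # address - confirm what the chart does with it when impersonation is on.
  k8s_url: https://0.0.0.0:6443
  force_redirect_to_tls: true
  createIngressCertificate: true
  ingress_type: nginx
  ingress_annotations:
    kubernetes.io/ingress.class: nginx

cert_template:
  ou: "Kubernetes"
  o: "MyOrg"
  l: "My Cluster"
  st: "State of Cluster"
  c: "MyCountry"

# NOTE(review): ":latest" is a mutable tag. This image fronts cluster
# authentication, so pin it to a released version or an image digest.
image: docker.io/tremolosecurity/openunison-k8s:latest
myvd_config_path: "WEB-INF/myvd.conf"
k8s_cluster_name: vcluster-control-plane
enable_impersonation: true

impersonation:
  use_jetstack: true
  # NOTE(review): mutable ":latest" tag on the impersonating proxy as well.
  jetstack_oidc_proxy_image: docker.io/tremolosecurity/kube-oidc-proxy:latest
  explicit_certificate_trust: true

dashboard:
  namespace: "kubernetes-dashboard"
  cert_name: "kubernetes-dashboard-certs"
  label: "k8s-app=kubernetes-dashboard"
  service_name: kubernetes-dashboard

certs:
  use_k8s_cm: false

trusted_certs:
  - name: ldaps
    # The value below is the placeholder that appears on the page, not a
    # certificate. Presumably this is the base64-encoded PEM of the CA that
    # signed the LDAPS endpoint configured under active_directory - confirm.
    pem_b64: 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

monitoring:
  prometheus_service_account: system:serviceaccount:monitoring:prometheus-k8s

# NOTE(review): network policies are switched off at the top level, so the
# per-source settings below have no effect as written (presumably; verify in
# the chart). Enable them outside a lab so only the ingress controller and
# monitoring can reach the OpenUnison pods.
network_policies:
  enabled: false
  ingress:
    enabled: true
    labels:
      app.kubernetes.io/name: ingress-nginx
  monitoring:
    enabled: true
    labels:
      app.kubernetes.io/name: monitoring
  apiserver:
    enabled: false
    labels:
      app.kubernetes.io/name: kube-system

# Directory used for authentication, reached over LDAPS. Only the bind DN is
# here; the bind password is not part of this file.
active_directory:
  base: DC=domain,DC=com
  host: "apacheds.activedirectory.svc"
  port: "10636"
  bind_dn: "cn=ou_svc_account,ou=Users,DC=domain,DC=com"
  con_type: ldaps
  srv_dns: "false"

# NOTE(review): the JDBC URL carries no TLS parameters, so traffic to MariaDB
# is presumably unencrypted inside the cluster - acceptable for a demo only.
database:
  hibernate_dialect: org.hibernate.dialect.MySQL5InnoDBDialect
  quartz_dialect: org.quartz.impl.jdbcjobstore.StdJDBCDelegate
  driver: com.mysql.jdbc.Driver
  url: jdbc:mysql://mariadb.mariadb.svc:3306/unison
  user: unison
  validation: SELECT 1

# NOTE(review): the host name suggests a discard-everything test relay. With
# a real relay, set tls to true so approval mail is not sent in clear text.
smtp:
  host: blackhole.blackhole.svc.cluster.local
  port: 1025
  user: "none"
  from: donotreply@domain.com
  tls: false

openunison:
  enable_provisioning: true
  use_standard_jit_workflow: false
  replicas: 1
  non_secret_data:
    K8S_DB_SSO: oidc
    SHOW_PORTAL_ORGS: "true"
    VCLUSTER_DOMAIN_ROOT: "vclusters.212.2.242.251.nip.io"
    K8S_DEPLOYMENT_NAME: "vcluster Control Plane"
  secrets: []
  html:
    # NOTE(review): mutable ":latest" tag; pin as for the main image.
    image: docker.io/tremolosecurity/openunison-k8s-html:latest
  naas:
    workflows:
      new_namespace:
        # Workflow run after a namespace request is provisioned.
        post_namespace_create_workflow: check-for-vcluster
    groups:
      internal:
        enabled: true
      external:
        enabled: false
    forms:
      new_namespace:
        additional_attributes:
          - name: tenant_type
            displayName: Tenant Type
            # NOTE(review): ".*" accepts any string. The value decides whether
            # a vcluster is created, so a pattern that matches only the two
            # listed values, e.g. "^(namespace|vcluster)$", would be a
            # tighter check than relying on the list widget alone.
            regEx: ".*"
            regExFailedMsg: "Invalid option"
            minChars: 0
            maxChars: 0
            unique: false
            type: list
            # Display label -> submitted value.
            values:
              Namespace: "namespace"
              vcluster: "vcluster"

operator:
  # NOTE(review): no tag at all, which resolves to "latest"; pin this too.
  image: docker.io/tremolosecurity/openunison-operator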
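---
# Scheduled OpenUnison job backed by WaitForJob. The cron fields below fire it
# every 10 seconds; it is given the "k8s" target and the openunison namespace.
# NOTE(review): indentation was lost in the page rendering and is
# reconstructed here.
apiVersion: openunison.tremolo.io/v1
kind: OUJob
metadata:
  name: wait-for
  namespace: openunison
spec:
  className: com.tremolosecurity.provisioning.jobs.WaitForJob
  cronSchedule:
    dayOfMonth: '*'
    dayOfWeek: '?'
    hours: '*'
    minutes: '*'
    month: '*'
    seconds: '*/10'
    year: '*'
  group: admin
  params:
    - name: target
      value: k8s
    - name: namespace
      value: openunison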
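---
# Post-namespace-create workflow. It copies the "tenant_type" request value
# onto the user as an attribute, prints the user for debugging, and calls
# vcluster-post-namespace-create only when that attribute equals "vcluster".
#
# NOTE(review): indentation was lost in the page rendering and is
# reconstructed here; the task list is a YAML document stored as a string.
# NOTE(review): request.get("tenant_type") is dereferenced without a null
# check, so a request that lacks the field would presumably fail in doTask.
# The value is taken from the request as submitted; the only validation
# visible on the page is the new_namespace form's regEx of ".*".
apiVersion: openunison.tremolo.io/v1
kind: Workflow
metadata:
  name: check-for-vcluster
  namespace: openunison
spec:
  description: checks for vcluster, and if requested creates it
  inList: false
  label: do nothing
  orgId: x
  tasks: |-
    - taskType: customTask
      className: com.tremolosecurity.provisioning.customTasks.JavaScriptTask
      params:
        javaScript: |-
          function init(task,params) {
            state.put("workflow_obj",task.getWorkflow());
          }
          function reInit(task) {
            state.put("workflow_obj",task.getWorkflow());
          }
          function doTask(user,request) {
            Attribute = Java.type("com.tremolosecurity.saml.Attribute");
            user.getAttribs().put("tenant_type",new Attribute("tenant_type",request.get("tenant_type").toString()));
            return true;
          }
    - taskType: customTask
      className: com.tremolosecurity.provisioning.customTasks.PrintUserInfo
      params:
        message: pre-tenant-check
    - taskType: ifAttrHasValue
      name: tenant_type
      value: "vcluster"
      onSuccess:
        - taskType: callWorkflow
          name: vcluster-post-namespace-create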
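---
# Workflow that builds a vcluster inside a newly created tenant namespace.
# Tasks, in order:
#   1. PersistentVolumeClaim vcluster-audit-logs (1Gi) in the tenant namespace
#   2. ConfigMap k8s-audit-policy holding the API server audit policy
#   3. Cluster API "Cluster" object named vcluster
#   4. VCluster object whose Helm values mount the policy ConfigMap and the
#      log volume and pass audit-log-path / audit-policy-file to the API server
#   5. ConfigMap in the openunison namespace with Helm values for onboarding
#   6. WaitForStatus until the vcluster StatefulSet reports one ready replica
#   7. Job in the openunison namespace that runs run-helm.sh
#
# NOTE(review): the page rendering dropped all indentation and collapsed the
# whitespace inside the escaped audit-policy string. Nesting is reconstructed
# here, and the policy is written as a literal block (LF line endings instead
# of the original "\r\n"). In task 5 the host keys are placed at the top level
# of values.yaml; whether they belong under "vcluster:" cannot be told from
# the page. Verify all of this against the original file before applying.
#
# NOTE(review) audit policy: rules are matched first-hit, so the Metadata rule
# for secrets, configmaps and tokenreviews must stay ahead of the Request and
# RequestResponse defaults. "serviceaccounts/token" is not in that Metadata
# rule, so issued service-account tokens would be written to the log by the
# RequestResponse default for the core group; consider adding it.
#
# NOTE(review) audit log storage: only the log path and policy file are set.
# No audit-log-maxsize / audit-log-maxage / audit-log-maxbackup arguments are
# passed, so growth on the 1Gi claim is not bounded by this configuration.
# The claim lives in the tenant namespace, so anyone who can manage PVCs or
# pods there can presumably read or remove the log; ship it to storage the
# tenant does not control if it is meant as evidence.
#
# NOTE(review) git paths: tasks 5 and 7 reuse the "path" of task 2
# (.../configmaps/k8s-audit-policy.yaml). If $useGit$ resolves to true this
# looks like three objects written to one file - confirm and give each object
# its own path.
#
# NOTE(review) onboarding job: the image has no tag and imagePullPolicy is
# Always, so whatever is currently published under that name runs with the
# openunison-orchestra service account. Pin the image to a version or digest
# and review what that service account is allowed to do.
apiVersion: openunison.tremolo.io/v1
kind: Workflow
metadata:
  name: vcluster-post-namespace-create
  namespace: openunison
spec:
  description: Create vCluster
  inList: false
  label: do nothing
  orgId: x
  tasks: |-
    - taskType: customTask
      className: com.tremolosecurity.provisioning.tasks.CreateK8sObject
      params:
        targetName: $cluster$
        template: |-
          ---
          apiVersion: v1
          kind: PersistentVolumeClaim
          metadata:
            name: vcluster-audit-logs
            namespace: $nameSpace$
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 1Gi
        kind: PersistentVolumeClaim
        url: /api/v1/namespaces/$nameSpace$/persistentvolumeclaims
        srcType: yaml
        writeToRequest: "$useGit$"
        requestAttribute: git-secret-cluster-k8s-$nameSpace$
        path: /yaml/ns/$nameSpace$/persistentvolumeclaims/vcluster-audit-logs.yaml
    - taskType: customTask
      className: com.tremolosecurity.provisioning.tasks.CreateK8sObject
      params:
        targetName: $cluster$
        template: |-
          ---
          apiVersion: v1
          kind: ConfigMap
          metadata:
            name: k8s-audit-policy
            namespace: $nameSpace$
          data:
            k8s-audit-policy.yaml: |
              apiVersion: audit.k8s.io/v1
              kind: Policy
              rules:
                # The following requests were manually identified as high-volume and low-risk,
                # so drop them.
                - level: None
                  users: ["system:kube-proxy"]
                  verbs: ["watch"]
                  resources:
                    - group: "" # core
                      resources: ["endpoints", "services", "services/status"]
                - level: None
                  # Ingress controller reads 'configmaps/ingress-uid' through the unsecured port.
                  # TODO(#46983): Change this to the ingress controller service account.
                  users: ["system:unsecured"]
                  namespaces: ["kube-system"]
                  verbs: ["get"]
                  resources:
                    - group: "" # core
                      resources: ["configmaps"]
                - level: None
                  users: ["kubelet"] # legacy kubelet identity
                  verbs: ["get"]
                  resources:
                    - group: "" # core
                      resources: ["nodes", "nodes/status"]
                - level: None
                  userGroups: ["system:nodes"]
                  verbs: ["get"]
                  resources:
                    - group: "" # core
                      resources: ["nodes", "nodes/status"]
                - level: None
                  users:
                    - system:kube-controller-manager
                    - system:kube-scheduler
                    - system:serviceaccount:kube-system:endpoint-controller
                  verbs: ["get", "update"]
                  namespaces: ["kube-system"]
                  resources:
                    - group: "" # core
                      resources: ["endpoints"]
                - level: None
                  users: ["system:apiserver"]
                  verbs: ["get"]
                  resources:
                    - group: "" # core
                      resources: ["namespaces", "namespaces/status", "namespaces/finalize"]
                - level: None
                  users: ["cluster-autoscaler"]
                  verbs: ["get", "update"]
                  namespaces: ["kube-system"]
                  resources:
                    - group: "" # core
                      resources: ["configmaps", "endpoints"]
                # Don't log HPA fetching metrics.
                - level: None
                  users:
                    - system:kube-controller-manager
                  verbs: ["get", "list"]
                  resources:
                    - group: "metrics.k8s.io"

                # Don't log these read-only URLs.
                - level: None
                  nonResourceURLs:
                    - /healthz*
                    - /version
                    - /swagger*

                # Don't log events requests.
                - level: None
                  resources:
                    - group: "" # core
                      resources: ["events"]

                # node and pod status calls from nodes are high-volume and can be large, don't log responses for expected updates from nodes
                - level: Request
                  users: ["kubelet", "system:node-problem-detector", "system:serviceaccount:kube-system:node-problem-detector"]
                  verbs: ["update","patch"]
                  resources:
                    - group: "" # core
                      resources: ["nodes/status", "pods/status"]
                  omitStages:
                    - "RequestReceived"
                - level: Request
                  userGroups: ["system:nodes"]
                  verbs: ["update","patch"]
                  resources:
                    - group: "" # core
                      resources: ["nodes/status", "pods/status"]
                  omitStages:
                    - "RequestReceived"

                # deletecollection calls can be large, don't log responses for expected namespace deletions
                - level: Request
                  users: ["system:serviceaccount:kube-system:namespace-controller"]
                  verbs: ["deletecollection"]
                  omitStages:
                    - "RequestReceived"

                # Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
                # so only log at the Metadata level.
                - level: Metadata
                  resources:
                    - group: "" # core
                      resources: ["secrets", "configmaps"]
                    - group: authentication.k8s.io
                      resources: ["tokenreviews"]
                  omitStages:
                    - "RequestReceived"
                # Get repsonses can be large; skip them.
                - level: Request
                  verbs: ["get", "list", "watch"]
                  resources:
                    - group: "" # core
                    - group: "admissionregistration.k8s.io"
                    - group: "apiextensions.k8s.io"
                    - group: "apiregistration.k8s.io"
                    - group: "apps"
                    - group: "authentication.k8s.io"
                    - group: "authorization.k8s.io"
                    - group: "autoscaling"
                    - group: "batch"
                    - group: "certificates.k8s.io"
                    - group: "extensions"
                    - group: "metrics.k8s.io"
                    - group: "networking.k8s.io"
                    - group: "node.k8s.io"
                    - group: "policy"
                    - group: "rbac.authorization.k8s.io"
                    - group: "scheduling.k8s.io"
                    - group: "settings.k8s.io"
                    - group: "storage.k8s.io"
                  omitStages:
                    - "RequestReceived"
                # Default level for known APIs
                - level: RequestResponse
                  resources:
                    - group: "" # core
                    - group: "admissionregistration.k8s.io"
                    - group: "apiextensions.k8s.io"
                    - group: "apiregistration.k8s.io"
                    - group: "apps"
                    - group: "authentication.k8s.io"
                    - group: "authorization.k8s.io"
                    - group: "autoscaling"
                    - group: "batch"
                    - group: "certificates.k8s.io"
                    - group: "extensions"
                    - group: "metrics.k8s.io"
                    - group: "networking.k8s.io"
                    - group: "node.k8s.io"
                    - group: "policy"
                    - group: "rbac.authorization.k8s.io"
                    - group: "scheduling.k8s.io"
                    - group: "settings.k8s.io"
                    - group: "storage.k8s.io"
                  omitStages:
                    - "RequestReceived"
                # Default level for all other requests.
                - level: Metadata
                  omitStages:
                    - "RequestReceived"
        kind: ConfigMap
        url: /api/v1/namespaces/$nameSpace$/configmaps
        srcType: yaml
        writeToRequest: "$useGit$"
        requestAttribute: git-secret-cluster-k8s-$nameSpace$
        path: /yaml/ns/$nameSpace$/configmaps/k8s-audit-policy.yaml
    - taskType: customTask
      className: com.tremolosecurity.provisioning.tasks.CreateK8sObject
      params:
        targetName: $cluster$
        template: |-
          apiVersion: cluster.x-k8s.io/v1beta1
          kind: Cluster
          metadata:
            name: vcluster
            namespace: $nameSpace$
          spec:
            controlPlaneRef:
              apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
              kind: VCluster
              name: vcluster
            infrastructureRef:
              apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
              kind: VCluster
              name: vcluster
        kind: Cluster
        url: /apis/cluster.x-k8s.io/v1beta1/namespaces/$nameSpace$/clusters
        srcType: yaml
        writeToRequest: "$useGit$"
        requestAttribute: git-secret-cluster-k8s-$nameSpace$
        path: /yaml/ns/$nameSpace$/clusters/vcluster.yaml
    - taskType: customTask
      className: com.tremolosecurity.provisioning.tasks.CreateK8sObject
      params:
        targetName: $cluster$
        template: |-
          ---
          apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
          kind: VCluster
          metadata:
            name: vcluster
            namespace: $nameSpace$
          spec:
            controlPlaneEndpoint:
              host: ""
              port: 0
            helmRelease:
              chart:
                name: null
                repo: null
                version: null
              values: |-
                #sync:
                #  nodes:
                #    enabled: true
                volumes:
                  - name: audit-policy-volume
                    configMap:
                      name: k8s-audit-policy
                  - name: audit-log-data
                    persistentVolumeClaim:
                      claimName: vcluster-audit-logs
                vcluster:
                  volumeMounts:
                    # keep data volume mount!
                    - mountPath: /data
                      name: data
                    - mountPath: /var/lib/rancher/k3s/server/log-config
                      name: audit-policy-volume
                    - mountPath: /var/lib/rancher/k3s/server/logs
                      name: audit-log-data
                  extraArgs:
                    - "--kube-apiserver-arg='audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log'"
                    - "--kube-apiserver-arg='audit-policy-file=/var/lib/rancher/k3s/server/log-config/k8s-audit-policy.yaml'"
            kubernetesVersion: 1.23.0
        kind: VCluster
        url: /apis/infrastructure.cluster.x-k8s.io/v1alpha1/namespaces/$nameSpace$/vclusters
        srcType: yaml
        writeToRequest: "$useGit$"
        requestAttribute: git-secret-cluster-k8s-$nameSpace$
        path: /yaml/ns/$nameSpace$/vclusters/vcluster.yaml
    - taskType: customTask
      className: com.tremolosecurity.provisioning.tasks.CreateK8sObject
      params:
        targetName: $cluster$
        template: |-
          ---
          apiVersion: v1
          kind: ConfigMap
          metadata:
            name: helm-values-$WORKFLOW_ID$-$nameSpace$-yaml
            namespace: openunison
          data:
            values.yaml: |-
              vcluster:
                label: vcluster-$nameSpace$
                name: vcluster
                namespace: $nameSpace$
              api_server_host: k8sapi.$nameSpace$.#[VCLUSTER_DOMAIN_ROOT]
              dashboard_host: k8sdb.$nameSpace$.#[VCLUSTER_DOMAIN_ROOT]
              openunison_host: k8sou.$nameSpace$.#[VCLUSTER_DOMAIN_ROOT]
              createIngressCertificate: true
              ingress_annotations: {}
              az_groups:
                - k8s-namespace-administrators-$cluster$-$nameSpace$-internal
                - k8s-namespace-administrators-$cluster$-$nameSpace$-external
        kind: ConfigMap
        url: /api/v1/namespaces/openunison/configmaps
        srcType: yaml
        writeToRequest: "$useGit$"
        requestAttribute: git-secret-cluster-k8s-$nameSpace$
        path: /yaml/ns/$nameSpace$/configmaps/k8s-audit-policy.yaml
    - taskType: customTask
      className: com.tremolosecurity.provisioning.tasks.WaitForStatus
      params:
        holdingTarget: k8s
        namespace: openunison
        target: $cluster$
        uri: /apis/apps/v1/namespaces/$nameSpace$/statefulsets/vcluster
        label: wait-for-vcluster
        conditions:
          - .status.readyReplicas=1
          - .status.replicas=1
    - taskType: customTask
      className: com.tremolosecurity.provisioning.tasks.CreateK8sObject
      params:
        targetName: k8s
        template: |-
          ---
          kind: Job
          apiVersion: batch/v1
          metadata:
            name: helm-install-vcluster-$nameSpace$
            namespace: openunison
          spec:
            parallelism: 1
            completions: 1
            backoffLimit: 3
            selector:
              matchLabels:
                job-name: helm-install-vcluster-$nameSpace$
            template:
              metadata:
                name: helm-install-vcluster-$nameSpace$
                namespace: openunison
                labels:
                  job-name: helm-install-vcluster-$nameSpace$
              spec:
                containers:
                  - args:
                      - /usr/local/openunison/run-helm.sh
                    image: docker.io/mlbiam/vcluster-onboard
                    imagePullPolicy: Always
                    name: helm-install
                    resources: {}
                    volumeMounts:
                      - mountPath: /etc/openunison
                        name: vcluster-helm-values
                    env:
                      - name: TREMOLO_HELM_REPO
                        value: "https://nexus.tremolo.io/repository/helm/"
                      - name: HELM_DEPLOYMENT
                        value: helm-install-vcluster-$nameSpace$
                      - name: HELM_CHART
                        value: vcluster-onboard
                      - name: TARGET_NAMESPACE
                        value: openunison
                      - name: PATH_TO_VALUES
                        value: /etc/openunison/values.yaml
                dnsPolicy: ClusterFirst
                serviceAccount: openunison-orchestra
                serviceAccountName: openunison-orchestra
                restartPolicy: OnFailure
                volumes:
                  - name: vcluster-helm-values
                    configMap:
                      name: helm-values-$WORKFLOW_ID$-$nameSpace$-yaml
        kind: Job
        url: /apis/batch/v1/namespaces/openunison/jobs
        srcType: yaml
        writeToRequest: "$useGit$"
        requestAttribute: git-secret-cluster-k8s-$nameSpace$
        path: /yaml/ns/$nameSpace$/configmaps/k8s-audit-policy.yaml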