RBAC
Introduction
Role-based access control (RBAC) is a method of regulating access to your Operator. When debugging, the Operator automatically applies the configured RBAC rules and uses them, so you can verify the configuration before deployment.
Configuring RBAC rules
RBAC rules are configured by applying RbacRule annotations to classes within the Operator project. They can be applied to any class, including Controllers, Finalizers and Webhooks.
Example
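    using k8s.Models;                   // V1ServiceAccount, V1Pod, V1ConfigMap
    using Neon.Operator.Attributes;
    using Neon.Operator.Controllers;    // ResourceControllerBase<T>
    using Neon.Operator.Rbac;

    namespace ExampleOperator
    {
        /// <summary>
        /// Example controller
        /// </summary>
        // Cluster-wide: every verb on the operator's own custom resource.
        [RbacRule<V1ExampleEntity>(
            Verbs = RbacVerb.All,
            Scope = EntityScope.Cluster)]
        // Cluster-wide: list and create service accounts.
        [RbacRule<V1ServiceAccount>(
            Verbs = RbacVerb.List
                | RbacVerb.Create,
            Scope = EntityScope.Cluster)]
        // Namespaced: read, watch and patch pods.
        [RbacRule<V1Pod>(
            Verbs = RbacVerb.Get
                | RbacVerb.Watch
                | RbacVerb.Patch,
            Scope = EntityScope.Namespaced)]
        // Namespaced: read-only access to config maps.
        [RbacRule<V1ConfigMap>(
            Verbs = RbacVerb.Get
                | RbacVerb.Watch,
            Scope = EntityScope.Namespaced)]
        public class ExampleController : ResourceControllerBase<V1ExampleEntity>
        {
            // your controller implementation
        }
    }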
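For reviewing what the attributes above grant, here are the same permissions written by hand as plain Kubernetes RBAC objects. This is an added illustration, not output of the Neon.Operator analyzer or code from the project. The object names, the namespace, the `example.placeholder.io` API group, the `exampleentities` plural and the use of `*` for RbacVerb.All are assumptions, and the bindings to the Operator's service account are omitted.

```yaml
# Hand-written illustration; names, namespace and the custom API group are placeholders.

# Scope = EntityScope.Cluster: in Kubernetes terms, a ClusterRole (all namespaces).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-operator                    # assumed name
rules:
  - apiGroups: ["example.placeholder.io"]   # placeholder group for V1ExampleEntity
    resources: ["exampleentities"]          # assumed plural
    verbs: ["*"]                            # RbacVerb.All, shown as the wildcard (assumption)
  - apiGroups: [""]                         # core API group
    resources: ["serviceaccounts"]
    verbs: ["list", "create"]               # RbacVerb.List | RbacVerb.Create
---
# Scope = EntityScope.Namespaced: in Kubernetes terms, a Role (one namespace).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: example-operator                    # assumed name
  namespace: example-namespace              # assumed namespace
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "patch"]        # RbacVerb.Get | RbacVerb.Watch | RbacVerb.Patch
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "watch"]                 # RbacVerb.Get | RbacVerb.Watch
```

Read this way, the cluster-scoped rules are the ones to check first: they apply in every namespace, so each verb listed there should correspond to a call the controller actually makes.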
Generating RBAC manifests
The Neon.Operator NuGet package includes analyzers to generate RBAC rules for your Operator. You can disable this analyzer with the NeonOperatorGenerateRbac MSBuild property.
For example:
    <PropertyGroup>
        <NeonOperatorGenerateRbac>False</NeonOperatorGenerateRbac>
    </PropertyGroup>