Dmitry Meyerson
06/12/2023, 6:46 PM
Charith (Cerbos)
`--namespace` flag to Helm.
Dmitry Meyerson
06/12/2023, 6:50 PMDmitry Meyerson
06/12/2023, 7:32 PMDmitry Meyerson
06/12/2023, 7:51 PM
`/work` in the debug container
Dennis (Cerbos)
`/work` to a volume.
Dmitry Meyerson
06/12/2023, 10:56 PMDmitry Meyerson
06/12/2023, 10:56 PMDennis (Cerbos)
Dmitry Meyerson
06/12/2023, 10:59 PM
# Default values for cerbos.
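# This is a YAML-formatted file.
# Helm values override for the Cerbos chart. The nesting below is restored
# from a chat paste that had lost all of its indentation.
service:
  type: ClusterIP
  httpPort: 3592
  grpcPort: 3593
  # Node ports only take effect when type is NodePort. Kubernetes' default
  # node port range is 30000-32767, so these values would need a custom range.
  httpNodePort: 13592
  grpcNodePort: 13593

# Every key of this Secret becomes an environment variable in the Cerbos
# container. The Secret has to exist in the namespace the release is installed
# into and must hold a key named GITHUB_TOKEN for the reference below to work.
envFrom:
  - secretRef:
      name: cerbos-github-token

cerbos:
  config:
    # NOTE(review): as posted, `driver` and `git` sit directly under `config`.
    # The storage settings belong one level deeper, under
    # `cerbos.config.storage`; with the `storage` key missing the git driver
    # is presumably never configured. Left as posted so the question stays
    # readable.
    driver: "git"
    git:
      protocol: https
      # git URL
      # The <...> wrapper added by the chat client's link markup is removed;
      # the value must be the bare URL.
      url: https://my-url/cerbos-ABAC.git
      # Replace with the branch name of your repo.
      branch: my-branch
      # Remove or leave empty if the policies are not stored in a subdirectory.
      # subDir: hr
      subDir: policies
      # Path to checkout. By default, /work is a Kubernetes emptyDir volume
      # that is only available for the lifetime of the pod.
      # If you want the work directory to persist between pod restarts,
      # specify the mount path of a persistent volume here.
      # checkoutDir: /work
      # How often the remote repo should be checked for updates.
      updatePollInterval: 60s
      # Credentials used to login to the remote GitHub repo. We are using an
      # environment variable mounted from the secret we created earlier.
      # Keep the token out of this file; give it read-only access limited to
      # the policy repository so a leaked pod environment exposes as little
      # as possible.
      https:
        username: ${GITHUB_TOKEN}
        password: ""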
Dmitry Meyerson
06/12/2023, 10:59 PM
Dennis (Cerbos)
`cerbos` -> `config` -> `storage`
Dennis (Cerbos)
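# Helm values for running Cerbos with the git storage driver. The nesting is
# restored from a chat paste that had lost all of its indentation.

# Every key of this Secret becomes an environment variable in the Cerbos
# container. The Secret has to exist in the release's namespace and must hold
# a key named GITHUB_TOKEN for the credential reference below to work.
envFrom:
  - secretRef:
      name: cerbos-github-token

cerbos:
  config:
    # Configure the git storage driver
    storage:
      driver: "git"
      git:
        protocol: https
        # Replace with the URL of your GitHub repo.
        # The <...> wrapper added by the chat client's link markup is removed;
        # the value must be the bare URL.
        url: https://github.com/cerbos/sample-policies.git
        # Replace with the branch name of your repo.
        branch: main
        # Remove or leave empty if the policies are not stored in a
        # subdirectory.
        subDir: hr
        # Path to checkout. By default, /work is a Kubernetes emptyDir volume
        # that is only available for the lifetime of the pod.
        # If you want the work directory to persist between pod restarts,
        # specify the mount path of a persistent volume here.
        checkoutDir: /work
        # How often the remote repo should be checked for updates.
        updatePollInterval: 60s
        # Credentials used to login to the remote GitHub repo. We are using an
        # environment variable mounted from the secret we created earlier.
        # Keep the token out of this file; give it read-only access limited
        # to the policy repository, since whoever can push to that repository
        # or reuse the token can change the authorization policies served.
        https:
          username: ${GITHUB_TOKEN}
          password: ""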
Dmitry Meyerson
06/12/2023, 11:03 PMDmitry Meyerson
06/12/2023, 11:03 PMDmitry Meyerson
06/12/2023, 11:03 PMDmitry Meyerson
06/12/2023, 11:03 PMDmitry Meyerson
06/12/2023, 11:03 PMDmitry Meyerson
06/12/2023, 11:14 PM