# Template for a namespace/service-account-specific workload KV policy.
#
# Copy this file for a real workload and replace, in both path stanzas:
#   <namespace>        Kubernetes namespace, e.g. artifact-store
#   <service-account>  Kubernetes service account, e.g. artifact-store
#
# The matching Kubernetes auth role should bind the same namespace and service
# account (bound_service_account_namespaces / bound_service_account_names) and
# attach the copied policy. A wildcard or broader binding on the role would let
# other workloads obtain this policy and read these secrets.
# Secret values: read-only access to the data path of this one workload.
# The trailing "*" is a prefix glob; the "/" in front of it keeps the match
# inside this service account's subtree, so a sibling whose name merely starts
# with the same string is not covered.
# NOTE(review): the data/ segment suggests a KV v2 mount at platform/ — confirm.
path "platform/data/workloads/<namespace>/<service-account>/*" {
  capabilities = [
    "read"
  ]
}
# Metadata for the same workload subtree: "list" lets the workload enumerate
# key names and "read" returns per-key metadata. Neither capability grants
# create, update or delete.
# NOTE(review): assumes the KV v2 layout, where secret values are served only
# under data/ and not under metadata/ — confirm against the mount.
path "platform/metadata/workloads/<namespace>/<service-account>/*" {
  capabilities = [
    "read",
    "list"
  ]
}