You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 18, 2024. It is now read-only.
Allow an end-user to request elevated permissions for a specific time period -
Support 2-man rule
Notification channels
Validate ticket etc...
By creating a BreakGlass resource we can elevate permissions for a pre-determined time period.
apiVersion: platform.flanksource.com/v1kind: BreakGlassspec:
namespace: # where to apply the permissions to# orcluster: true
# in dev we log a jira ticket and wait for approval before granting permissionsapiVersion: platform.flanksource.com/v1kind: BreakGlassTemplatespec:
# optonal labels on the namespace to match matchLabels:
environment: productionsubjects: [] # list of users who can break glass,roleRef: admin # role to apply when breaking glassdefaultDuration: 120mmaxDuration: 480m3waitForApproval: truehooks:
- slack
- jira:
project:
assignee:
priority:
Standard RBAC must still be applied to allow these users to create the BreakGlass objects, but without a matching template, the break glass attempt fails
# in dev environments, we don't wait for approval or log a jira ticketapiVersion: platform.flanksource.com/v1kind: BreakGlassTemplatespec:
match:
environment: devroleRef: admin # role to apply when breaking glassdefaultDuration: 480mwaitForApproval: falsehooks:
- slack:
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Allow an end-user to request elevated permissions for a specific time period -
By creating a BreakGlass resource we can elevate permissions for a pre-determined time period.
Standard RBAC must still be applied to allow these users to create the
BreakGlass
objects, but without a matching template, the break glass attempt failsThe text was updated successfully, but these errors were encountered: