mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 00:48:01 +01:00
46 lines
1.2 KiB
Plaintext
46 lines
1.2 KiB
Plaintext
// Module included in the following assemblies:
|
|
|
|
// * networking/network_observability/installing-operators.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="network-observability-roles-create_{context}"]
|
|
= Create roles for authentication and authorization
|
|
Specify authentication and authorization configurations by defining `ClusterRole` and `ClusterRoleBinding`. You can create a YAML file to define these roles.
|
|
|
|
.Procedure
|
|
|
|
. Using the web console, click the Import icon, *+*.
|
|
. Drop your YAML file into the editor and click *Create*:
|
|
+
|
|
[source, yaml]
|
|
----
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: loki-netobserv-tenant
|
|
rules:
|
|
- apiGroups:
|
|
- 'loki.grafana.com'
|
|
resources:
|
|
- network
|
|
resourceNames:
|
|
- logs
|
|
verbs:
|
|
- 'get'
|
|
- 'create'
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: loki-netobserv-tenant
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: loki-netobserv-tenant
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: flowlogs-pipeline <1>
|
|
namespace: netobserv
|
|
----
|
|
<1> The `flowlogs-pipeline` writes to Loki. If you are using Kafka, this value is `flowlogs-pipeline-transformer`.
|