You can provide predefined policies with the CNF package in CSAR to your operators. A new folder, secutityPolicies is added to the Artifacts folder, which contains the policy definitions in the YAML format with the following fields:
  • policyType: KUBERNETES_RBAC
  • name
  • description
  • definition: The policy definition.

The following is an example for a policy definition in CSAR.

policyType: KUBERNETES_RBAC 
name: Policy 1
description: My favourite policy
definition:
  apiVersion: rbac.authorization.k8s.io/v1 
  kind: Role 
  metadata: 
    namespace: SomeOtherAppNamespace 
    purpose: GrantAccessForOtherAppSevices  
  rules: 
    - apiGroups: [""] 
      resources: ["services"] 
      verbs: ["get", "list"]

Procedure

  1. Log in to the VMware Telco Cloud Automation.
  2. Click Catalog > Network Function.
  3. Click the CNF package from which you want to import the policies.
  4. From Actions drop-down, click Import Policy.
  5. Select the policies, which are embedded into the Network Function package that you want to import from the CNF package.
  6. Click Import Policy.
    Note: You can edit the imported policies until they are granted.