You can generate a Kubernetes RBAC policy automatically from the CNF package.

A CNF template processor determines the global privileges or namespaces for a CNF.

RBAC policies are generated based on the CNF package helm chart resources. If resources created or accessed by CNF are outside the namespace, TCA creates a new RABC rule for that resource.

Note:
  • Some of the resource names may be generated with the Helm release name or random names from the Helm chart. Therefore, the CNF deployer or VIM Administrator should review the automatically generated policies.
  • Helm inspection may sometimes fail to detect the custom resource details if the resources are deployed outside Helm. In such a scenario, a warning message is displayed in the description of the generated policy template.

Procedure

  1. Log in to the VMware Telco Cloud Automation.
  2. Click Catalog > Network Function.
  3. Click the CNF package for which you want to create a policy automatically.
  4. From Actions drop-down, click Create Policy.""
  5. In the Inventory Details tab, click the browse icon in the Select Cloud field.
  6. Click the radio button of the cloud instance that you want to select and click OK.
  7. In the Helm Charts tab, do one of the following:
    • Select Repository URL: Click this radio button to automatically display the repository URL.
    • Specify Repository URL: Click this radio button to enter the repository URL, username, and password in the respective fields.
  8. In the Inputs tab, provide input value for all the input parameters such as pf, PHC2SYS_CONFIG_FILE, and PTP4L_CONFIG_FILE.
  9. In the Review tab, review all the parameters and click Create Policy.