You can manually create Kubernetes policies and apply them to any cloud instance.

A policy defines a set of Roles and ClusterRoles that provide additional access to Kubernetes resources. Because Kubernetes resource names vary for every instance while the policy templates are fixed, TCA allows a single policy to be applied to multiple CNF instances.

Procedure

  1. Log in to VMware Telco Cloud Automation.
  2. Click Authorization > Kubernetes Policies.
  3. Click Create New.
  4. In the Name field, enter the name of the policy.
  5. (Optional) In the Description field, enter a description of the policy.
  6. From the Type drop-down, select KUBERNETES_RBAC or KUBERNETES_PSA based on your requirement.
    The following table illustrates each policy type and a sample policy definition.

    Policy Type: KUBERNETES_RBAC
    Sample Policy Definition:

        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRole
        metadata:
          purpose: istioCRDs
        rules:
          - apiGroups: ["apiextensions.k8s.io"]
            resources: ["customresourcedefinitions"]
            resourceNames: ["istiooperators.install.istio.io"]
            verbs: ["get", "create", "update", "patch", "delete"]
          - apiGroups: ["apiextensions.k8s.io"]
            resources: ["customresourcedefinitions"]
            verbs: ["create"]

        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: Role
        metadata:
          namespace: SomeOtherAppNamespace
          purpose: GrantAccessForOtherAppSevices
        rules:
          - apiGroups: [""]
            resources: ["services"]
            verbs: ["get", "list"]

    Policy Type: KUBERNETES_PSA
    Sample Policy Definition:

        enforce: baseline
        audit: restricted
        warn: privileged
  7. Click Next.
  8. In the Add Policy Details page, browse to and upload the YAML file that contains the policy details, or enter the policy details similar to the sample provided in the preceding table.
  9. Click Finish.
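
A pre-upload check for a KUBERNETES_PSA definition such as the sample in step 6, added here as an example and not part of the VMware documentation or product. It assumes the flat `mode: level` layout of that sample and that the modes and levels are those of Kubernetes Pod Security Admission; the function names `parse_psa` and `lint_psa` are hypothetical.

```python
# Added example (not VMware code): lint a KUBERNETES_PSA policy before upload.
# Assumes the flat "mode: level" layout of the sample in step 6.
LEVELS = {"privileged": 0, "baseline": 1, "restricted": 2}  # least to most strict
MODES = ("enforce", "audit", "warn")

# The sample definition from step 6, embedded so the script runs offline.
SAMPLE = "enforce: baseline\naudit: restricted\nwarn: privileged\n"


def parse_psa(text):
    """Parse 'mode: level' lines into a dict; return (policy, errors)."""
    policy, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        mode, sep, level = (part.strip() for part in line.partition(":"))
        if not sep or mode not in MODES:
            errors.append(f"line {n}: unknown mode in {line!r}")
        elif level not in LEVELS:
            errors.append(f"line {n}: unknown level {level!r} for {mode}")
        elif mode in policy:
            errors.append(f"line {n}: duplicate mode {mode!r}")
        else:
            policy[mode] = level
    return policy, errors


def lint_psa(text):
    """Return findings for a PSA definition; an empty list means none."""
    policy, findings = parse_psa(text)
    enforce = policy.get("enforce")
    if enforce is None:
        findings.append("no enforce level set")
    elif enforce == "privileged":
        findings.append("enforce: privileged rejects nothing")
    for mode in ("audit", "warn"):
        level = policy.get(mode)
        if level == "privileged":
            # The privileged level is unrestricted, so nothing can violate it.
            findings.append(f"{mode}: privileged never reports anything")
        elif level and enforce and LEVELS[level] < LEVELS[enforce]:
            findings.append(f"{mode}: {level} is weaker than enforce: {enforce}")
    return findings


if __name__ == "__main__":
    for finding in lint_psa(SAMPLE):
        print(finding)
```

Run against the sample as written, the check reports the `warn: privileged` line; raising `warn` to `baseline` or `restricted` clears it.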