Skip to content

Commit

Permalink
docs/authorization.md: add service account section
Browse files Browse the repository at this point in the history
  • Loading branch information
@sttts @s-urbaniak
sttts authored and s-urbaniak committed Jun 15, 2022
1 parent c27ea29 commit 50434a5
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions docs/authorization.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,3 +182,10 @@ and work just like in a regular Kubernetes cluster.
Note: groups added by the workspace content authorizer can be used for role bindings in that workspace.

It is possible to bind to roles and cluster roles in the bootstrap policy from a local policy `RoleBinding` or `ClusterRoleBinding`.

# Service Accounts

Kubernetes service accounts are granted access to the workspaces they are defined in and that are ready.

E.g. a service account "default" in `root:org:ws:ws` is granted access to `root:org:ws:ws`, and through the
workspace content authorizer it gains the `system:kcp:clusterworkspace:access` group membership.

0 comments on commit 50434a5

Please sign in to comment.