RBAC

The rbac adapter provides Role-Based Access Control (RBAC) functionality for for services within the Istio mesh.

Params

Configuration format for the rbac adapter.

For example, the following configuration defines a RBAC handler with configuration store URL pointing to Kubernetes etcd (“k8s://”). If you want to run Mixer locally, you can set the configuration store URL to a local directory (e.g., “fs:///tmp/testdata/configroot”).

apiVersion: "config.istio.io/v1alpha2"
kind: rbac
metadata:
  name: rbachandler
  namespace: istio-system
spec:
  config_store_url: "fs:///tmp/testdata/config"

Field	Type	Description
`configStoreUrl`	`string`	URL for the config store. It is used to initiate a new Store instance. Following are some examples of the config store URL: * “k8s://” * “fs:///tmp/testdata/configroot”
`cacheDuration`	`google.protobuf.Duration`	The duration for which authorization results may be cached.