RBAC

The rbac adapter provides Role-Based Access Control (RBAC) functionality for for services within the Istio mesh.

This adapter supports the authorization template.

Params

Configuration format for the rbac adapter.

For example, the following configuration defines a RBAC handler with configuration store URL pointing to Kubernetes etcd (“k8s://”). If you want to run Mixer locally, you can set the configuration store URL to a local directory (e.g., “fs:///tmp/testdata/configroot”).

apiVersion: "config.istio.io/v1alpha2"
kind: rbac
metadata:
  name: rbachandler
  namespace: istio-system
spec:
  config_store_url: "fs:///tmp/testdata/config"

Field	Type	Description
`configStoreUrl`	`string`	URL for the config store. It is used to initiate a new Store instance. Following are some examples of the config store URL: * “k8s://” * “fs:///tmp/testdata/configroot”
`cacheDuration`	`google.protobuf.Duration`	The duration for which authorization results may be cached.