Merge pull request #14 from ashish493/master

feat: Add support for all resources of k8s and for production server
casbin · Jul 7, 2021 · b3f1f84 · b3f1f84
2 parents af051f5 + 75dc93d
commit b3f1f84
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/.releaserc.json b/.releaserc.json
@@ -0,0 +1,16 @@
+{
+    "debug": true,
+    "branches": [
+        "+([0-9])?(.{+([0-9]),x}).x",
+      "master",
+      {
+        "name": "beta",
+        "prerelease": true
+      }
+    ],
+    "plugins": [
+      "@semantic-release/commit-analyzer",
+      "@semantic-release/release-notes-generator",
+      "@semantic-release/github"
+    ]
+  }
diff --git a/README.md b/README.md
@@ -44,6 +44,14 @@ Before proceeding, make sure to have the following-
 ```
 kubectl apply -f deployment.yaml
 ```
+- For a production server, we need to create a k8s `secret` to place the certificates for security purposes. 
+```
+kubectl create secret generic casbin -n default \
+  --from-file=key.pem=certs/casbin-key.pem \
+  --from-file=cert.pem=certs/casbin-crt.pem
+```
+- Once, this part is done we need to change the directory of the certs in [main.go](https://github.com/ashish493/k8s-authz/blob/3560551427c0431a9d4594ad1206f084ede37c49/main.go#L26) and then in [manifests](https://github.com/ashish493/k8s-authz/blob/3560551427c0431a9d4594ad1206f084ede37c49/manifests/deployment.yaml#L22) with that of the `secret`.
+
 Now the server should be running and ready to validate the requests for the operations on the pods. 
 
 ## Documentation

diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
@@ -60,8 +60,8 @@ webhooks:
         path: "/validate"
       caBundle: "${CA_BUNDLE}"
     rules:
-      - operations: ["CREATE","UPDATE","DELETE","CONNECT"]
+      - operations: ["*"]
         apiGroups: [""]
         apiVersions: ["v1"]
-        resources: ["pods"]
+        resources: ["*/*"]
     failurePolicy: Fail