Access Policy Details
< create overview | access policy create workflow
Overview
- Identification and Description: Provide clear names to help your team understand the policy's purpose and configuration.
📚 For more details on key points, refer to the overview section.
📚 Explore the properties section for additional information on each UI property.
CLI Instructions
CLI Commands - Quick Reference
| Instruction | CLI Command |
|---|---|
| List all access policies | wf get globalaccesspolicies |
| View a access policy's manifest in console | wf get globalaccesspolicies POLICYNAME -o yaml |
| Output a access policy's manifest to file | wf get globalaccesspolicies POLICYNAME -o yaml > MYPOLICY.yaml |
| Apply a access policy's manifest from file | wf apply -f MYPOLICY.yaml |
Create a new access policy
The best way to create a new cluster access policy is to copy an existing one.
Follow these steps:
- Check which cluster access policies already exist using the
wf get globalaccesspoliciescommand.
wf get globalaccesspolicies
NAME DESCRIPTION STATUS ENABLED AGE
admin.accesstoken Allows workspace owners to assign deployment roles to access tokens Success Unknown 537d
admin.accesstoken.serviceaccounttoken Allows workspace owners to assign service account token roles to access tokens Success true 336d
admin.alpha Access to administrate the alpha stage Success true 173d
admin.nonprod Admin access to non-production clusters Success Unknown 553d
admin.prod Admin access to production clusters Success Unknown 553d
editor.nonprod Editor access to non-production clusters Success Unknown 553d
editor.prod Editor access to production clusters Success Unknown 553d
secretsviewer.nonprod Secrets read access to non-production clusters Success Unknown 553d
secretsviewer.prod Secrets read access to production clusters Success Unknown 553d
support Temporary troubleshooting access to clusters including exec and logs for pods Success Unknown 553d
viewer.nonprod View access to non-production clusters Success Unknown 553d
viewer.prod View access to production clusters Success Unknown 553d
- Get the yaml from an existing policy:
wf get globalaccesspolicies admin.nonprod -o yaml > MYPOLICY.yaml
This copies the the admin.nonprod access policy and places it in a file MYPOLICY.yaml.
- Edit the access policy template section of the file as needed. Make sure to change the metadata name to a new name, to indicate that you wish to make a new cluster access policy. Thereafter, apply the file:
wf apply -f MYPOLICY.yaml
Web Interface Instructions
Note that Wayfinder's User Interface has several sections you need to follow in order to create a new access policy. Below only outlines the Details section.
Steps
- Expand Admin, and then navigate to Policy > Cluster Access
- Click the +Cluster Access Policy button
- Fill in the details as outlined in the properties section.
- Click Continue to proceed
Screenshot(s)
Properties
| Field | Description |
|---|---|
| Name | The name of the access policy. |
| Description | A short description describing the purpose of the access policy. |