Skip to main content
Version: 2.0 (Latest)

Management Roles

Management roles are defining templates for ClusterRoles that are intended to grant permissions to Loft's Management API.

Configuration

Metadata

Display Name

JSONPath in ClusterRoleTemplate CRD:
 spec.displayName (type: string)

Kubernetes Name

JSONPath in ClusterRoleTemplate CRD:
 metadata.name (type: string)

Description

JSONPath in ClusterRoleTemplate CRD:
 spec.description (type: string)

Labels

JSONPath in ClusterRoleTemplate CRD:
 metadata.labels (type: map[string]string)

Annotations

JSONPath in ClusterRoleTemplate CRD:
 metadata.annotations (type: map[string]string)

ClusterRole Template

RBAC Rules

JSONPath in ClusterRoleTemplate CRD:
 spec.localClusterRoleTemplate.spec.clusterRoleTemplate.rules (type: RBACRule[])

Aggregation

JSONPath in ClusterRoleTemplate CRD:
 spec.localClusterRoleTemplate.spec.clusterRoleTemplate.aggregationRule (type: RBACAggregationRule{})

Labels

JSONPath in ClusterRoleTemplate CRD:
 spec.localClusterRoleTemplate.metadata.labels (type: string[])

Annotations

JSONPath in ClusterRoleTemplate CRD:
 spec.localClusterRoleTemplate.metadata.annotations (type: string[])

Access To Management Role

JSONPath in ClusterRoleTemplate CRD:
 spec.access (type: Access[])

CRDs

ClusterRoleTemplate

apiVersion
string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind
string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

object (io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta)

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

object (com.github.loft-sh.api.pkg.apis.management.v1.ClusterRoleTemplateSpec)

ClusterRoleTemplateSpec holds the specification

object (com.github.loft-sh.api.pkg.apis.management.v1.ClusterRoleTemplateStatus)

ClusterRoleTemplateStatus holds the status

{
  • "apiVersion": "string",
  • "kind": "string",
  • "metadata": {
    },
  • "spec": {
    },
  • "status": {
    }
}