Skip to content

Manage accessΒΆ

This guide will show you how to manage access to your topic.

PrerequisitesΒΆ

Add ACLs to your topicΒΆ

Info

It is possible to use simple wildcards (*) in both team and application names, which matches any character any number of times. Be aware that due to the way ACLs are generated and length limits, the ends of long names can be cut, eliminating any wildcards at the end.

Example of various ACLs:

.nais/topic.yaml
...
apiVersion: nais.io/v1alpha1
kind: Topic
...
spec:
  acl:
  - team: <ANOTHER-TEAM>
    application: <CONSUMER-APP>
    access: read
  - team: <ANOTHER-TEAM>
    application: <CONSUMER-APP2>
    access: read
  - team: <ANOTHER-TEAM>
    application: <PRODUCER-APP> 
    access: write
  - team: <PRODUCER-TEAM>
    application: <PRODUCER-APP> 
    access: write
  - team: <TRUSTED-TEAM>
    application: *
    access: read     # ALL applications from this trusted-team has read
  - team: *
    application: <APPLICATION-NAME>
    access: read     # Applications named <APPLICATION-NAME> from ANY team has read
  - team: <MY-TEAM>
    application: rapid-*
    access: readwrite   # ALL applications from <MY-TEAM> with names starting with `rapid-` has readwrite access
  ...

Apply the Topic resourceΒΆ

Add the file to your application repository to deploy with NAIS github action.

kubectl apply -f ./nais/topic.yaml --namespace=<MY-TEAM> --context=<MY-CLUSTER>