Sankofa/cloudflare/access-policies.yaml
defiQUG 6f28146ac3 Initial Phoenix Sankofa Cloud setup
- Complete project structure with Next.js frontend
- GraphQL API backend with Apollo Server
- Portal application with NextAuth
- Crossplane Proxmox provider
- GitOps configurations
- CI/CD pipelines
- Testing infrastructure (Vitest, Jest, Go tests)
- Error handling and monitoring
- Security hardening
- UI component library
- Documentation
2025-11-28 12:54:33 -08:00


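# Cloudflare Zero Trust Access Policies
# These policies control who can access which applications.
#
# Layout: each `data` entry is one Access application with its ordered policy
# list, stored as JSON inside a YAML block scalar. Nothing here is secret
# (service tokens are referenced by name, never by value), so a ConfigMap rather
# than a Secret is appropriate.
#
# Evaluation model this file relies on: policies are walked top-down and the
# first policy whose `include` and `require` rules both match the user decides.
# A broad allow listed BEFORE a stricter one therefore makes the stricter one
# unreachable for everyone the broad rule covers. Where one app needs a stricter
# rule for a subset of users, that subset is carved out of the general rule with
# `exclude` and the strict rule is listed first (see portal-policy).
#
# NOTE(review): the selector shapes used here (email.domain, group.name, mfa,
# device_posture.check, service_token.name) are not the field names of the
# Cloudflare Access API's own policy rules. Confirm that whatever applies this
# ConfigMap translates them; if it is fed to the API verbatim the rules will be
# rejected or, worse, silently not enforced.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudflare-access-policies
  # NOTE(review): consider a dedicated namespace instead of `default` so RBAC
  # on this object can be scoped separately from application workloads.
  namespace: default
data:
  # Portal: any identity on the org domain may sign in (24h session). Admins are
  # excluded from that general rule and handled by the MFA rule, listed first,
  # so that admin group membership can never satisfy the weaker rule and skip
  # MFA. (Previously the general rule came first with no exclude, so admins
  # matched it and the MFA rule was dead.)
  portal-policy: |
    {
      "name": "Portal Access",
      "application": {
        "domain": "portal.yourdomain.com",
        "name": "Hybrid Cloud Portal"
      },
      "policies": [
        {
          "name": "Require MFA for Admins",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            }
          ],
          "session_duration": "8h"
        },
        {
          "name": "Allow Authenticated Users",
          "decision": "allow",
          "include": [
            {
              "email": {
                "domain": "yourdomain.com"
              }
            }
          ],
          "exclude": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "email": {
                "domain": "yourdomain.com"
              }
            }
          ],
          "session_duration": "24h"
        }
      ]
    }
  # Rancher (cluster management UI): admins and platform engineers only, with
  # MFA and a managed-device posture check; short 4h session.
  rancher-policy: |
    {
      "name": "Rancher Access",
      "application": {
        "domain": "rancher.yourdomain.com",
        "name": "Rancher UI"
      },
      "policies": [
        {
          "name": "Allow Admin Group",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            },
            {
              "group": {
                "name": "platform-engineers"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            },
            {
              "device_posture": {
                "check": "managed_device"
              }
            }
          ],
          "session_duration": "4h"
        }
      ]
    }
  # ArgoCD (GitOps controller): platform engineers and admins with MFA.
  # NOTE(review): ArgoCD can apply arbitrary manifests to the cluster; consider
  # the same managed-device requirement Rancher and Vault use.
  argocd-policy: |
    {
      "name": "ArgoCD Access",
      "application": {
        "domain": "argocd.yourdomain.com",
        "name": "ArgoCD GitOps"
      },
      "policies": [
        {
          "name": "Allow Platform Engineers",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "platform-engineers"
              }
            },
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            }
          ],
          "session_duration": "8h"
        }
      ]
    }
  # Grafana (dashboards): any identity on the org domain, 24h session.
  # NOTE(review): this is the only app with no `require` block at all, so it is
  # reachable without MFA. Dashboards routinely expose hostnames, versions and
  # capacity data useful for reconnaissance; decide deliberately whether the
  # MFA requirement used elsewhere should apply here too.
  grafana-policy: |
    {
      "name": "Grafana Access",
      "application": {
        "domain": "grafana.yourdomain.com",
        "name": "Grafana Dashboards"
      },
      "policies": [
        {
          "name": "Allow All Authenticated",
          "decision": "allow",
          "include": [
            {
              "email": {
                "domain": "yourdomain.com"
              }
            }
          ],
          "session_duration": "24h"
        }
      ]
    }
  # Vault (secrets): admins only, MFA plus managed device, 2h session — the
  # tightest profile in the file, matching the blast radius of the app.
  vault-policy: |
    {
      "name": "Vault Access",
      "application": {
        "domain": "vault.yourdomain.com",
        "name": "HashiCorp Vault"
      },
      "policies": [
        {
          "name": "Allow Admin Group Only",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            },
            {
              "device_posture": {
                "check": "managed_device"
              }
            }
          ],
          "session_duration": "2h"
        }
      ]
    }
  # Proxmox API (hypervisor control plane). Two callers:
  #   1. the Crossplane provider, authenticating with a named service token
  #      (non-interactive, so MFA/posture rules cannot apply to it — its
  #      security rests entirely on the token's secrecy and rotation);
  #   2. platform engineers, interactively, with MFA.
  # NOTE(review): `session_duration` on a service-token rule is likely ignored;
  # confirm with the applier. Also confirm the service-token rule is applied as
  # a service-auth decision, not as a user-identity allow, in the real API.
  proxmox-api-policy: |
    {
      "name": "Proxmox API Access",
      "application": {
        "domain": "proxmox-api.yourdomain.com",
        "name": "Proxmox API"
      },
      "policies": [
        {
          "name": "Allow Service Accounts",
          "decision": "allow",
          "include": [
            {
              "service_token": {
                "name": "crossplane-proxmox-token"
              }
            }
          ],
          "session_duration": "1h"
        },
        {
          "name": "Allow Platform Engineers",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "platform-engineers"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            }
          ],
          "session_duration": "4h"
        }
      ]
    }
  # Keycloak admin console (the identity provider itself): admins only, MFA plus
  # managed device, 2h session — same profile as Vault, since compromise here
  # undermines every other policy in this file.
  keycloak-policy: |
    {
      "name": "Keycloak Access",
      "application": {
        "domain": "keycloak.yourdomain.com",
        "name": "Keycloak Admin"
      },
      "policies": [
        {
          "name": "Allow Admin Group Only",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            },
            {
              "device_posture": {
                "check": "managed_device"
              }
            }
          ],
          "session_duration": "2h"
        }
      ]
    }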