github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-01-27 18:18:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove kubeapps-admin role (#543)

Browse Source 
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
	- Introduced new secrets for enhanced security management.
	- Added a new realm group for streamlined administrative roles.
	- Implemented a new cluster role binding for improved access control.

- **Bug Fixes**
	- Removed outdated role bindings to reflect updated permissions.

- **Refactor**
- Transitioned from a broad cluster role to a more focused
namespace-specific role, enhancing role granularity.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This commit is contained in:
Andrei Kvapil
2024-12-27 14:33:03 +01:00
committed by GitHub
parent 3ae70f381c
commit 4754e359f5
3 changed files with 0 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
packages/system/keycloak-configure/templates/configure-kk.yaml
View File

@@ -215,19 +215,6 @@ data:
---
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmGroup
metadata:
name: kubeapps-admin
namespace: cozy-dashboard
spec:
name: kubeapps-admin
realmRef:
name: keycloakrealm-cozy
kind: ClusterKeycloakRealm
---
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmGroup
metadata:

32
packages/system/keycloak-configure/templates/rolebinding.yaml
View File

@@ -1,35 +1,3 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubeapps-admin-group
namespace: cozy-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubeapps-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: kubeapps-admin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubeapps-admin
namespace: cozy-public
subjects:
- kind: Group
name: kubeapps-admin
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: kubeapps-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

42
packages/system/keycloak-configure/templates/roles.yaml
View File

@@ -1,45 +1,3 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubeapps-admin
rules:
- apiGroups: [""]
resources:
- "*"
verbs:
- get
- list
- watch
- apiGroups: ["apps.cozystack.io"]
resources:
- '*'
verbs:
- '*'
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources:
- helmreleases
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kubeapps-admin
namespace: cozy-public
rules:
- apiGroups: ["source.toolkit.fluxcd.io"]
resources: ["helmrepositories"]
verbs:
- get
- list
- apiGroups: ["source.toolkit.fluxcd.io"]
resources:
- helmcharts
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: