infrastructure/flux/olympus/apps/flux-system/rbac.yaml

---
# Admin cluster role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: weave-admin
rules:
# Flux Resources
- apiGroups: ["kustomize.toolkit.fluxcd.io"]
  resources: [ "kustomizations" ]
  verbs: [ "get", "list", "patch" ]
- apiGroups: ["helm.toolkit.fluxcd.io"]
  resources: [ "helmreleases" ]
  verbs: [ "get", "list", "patch" ]
- apiGroups: ["source.toolkit.fluxcd.io"]
  resources: [ "buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories" ]
  verbs: [ "get", "list", "patch" ]
- apiGroups: [ "notification.toolkit.fluxcd.io" ]
  resources: [ "providers", "alerts" ]
  verbs: [ "get", "list" ]
- apiGroups: ["infra.contrib.fluxcd.io"]
  resources: ["terraforms"]
  verbs: [ "get", "list", "patch" ]
# Resources managed via Flux
- apiGroups: [""]
  resources: ["configmaps", "secrets", "pods", "services", "namespaces", "persistentvolumes", "persistentvolumeclaims"]
  verbs: [ "get", "list" ]
- apiGroups: ["apps"]
  resources: [ "deployments", "replicasets", "statefulsets"]
  verbs: [ "get", "list" ]
- apiGroups: ["batch"]
  resources: [ "jobs", "cronjobs"]
  verbs: [ "get", "list" ]
- apiGroups: ["autoscaling"]
  resources: ["horizontalpodautoscalers"]
  verbs: [ "get", "list" ]
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"]
  verbs: [ "get", "list" ]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: [ "get", "list" ]
# Feedback
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "watch", "list"]
---
# Bind the cluster admin role to admins
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: weave-admin
subjects:
- kind: User
  name: "victor@xirion.net"
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: weave-admin
  apiGroup: rbac.authorization.k8s.io
add weave rbac (test) 2023-05-11 14:09:58 +02:00			`---`
			`# Admin cluster role`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
remove hardcoded admin from weave test test 2 test 3 test-4 re add user stuff disable admin add rbac fix rbac fix rba 1c fix rba 12c 2023-05-11 14:22:44 +02:00			`name: weave-admin`
add weave rbac (test) 2023-05-11 14:09:58 +02:00			`rules:`
expand rbac 2023-05-11 15:06:18 +02:00			`# Flux Resources`
			`- apiGroups: ["kustomize.toolkit.fluxcd.io"]`
			`resources: [ "kustomizations" ]`
			`verbs: [ "get", "list", "patch" ]`
			`- apiGroups: ["helm.toolkit.fluxcd.io"]`
			`resources: [ "helmreleases" ]`
			`verbs: [ "get", "list", "patch" ]`
			`- apiGroups: ["source.toolkit.fluxcd.io"]`
			`resources: [ "buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories" ]`
			`verbs: [ "get", "list", "patch" ]`
			`- apiGroups: [ "notification.toolkit.fluxcd.io" ]`
			`resources: [ "providers", "alerts" ]`
			`verbs: [ "get", "list" ]`
			`- apiGroups: ["infra.contrib.fluxcd.io"]`
			`resources: ["terraforms"]`
			`verbs: [ "get", "list", "patch" ]`
			`# Resources managed via Flux`
			`- apiGroups: [""]`
			`resources: ["configmaps", "secrets", "pods", "services", "namespaces", "persistentvolumes", "persistentvolumeclaims"]`
			`verbs: [ "get", "list" ]`
			`- apiGroups: ["apps"]`
			`resources: [ "deployments", "replicasets", "statefulsets"]`
			`verbs: [ "get", "list" ]`
			`- apiGroups: ["batch"]`
			`resources: [ "jobs", "cronjobs"]`
			`verbs: [ "get", "list" ]`
			`- apiGroups: ["autoscaling"]`
			`resources: ["horizontalpodautoscalers"]`
			`verbs: [ "get", "list" ]`
			`- apiGroups: ["rbac.authorization.k8s.io"]`
			`resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"]`
			`verbs: [ "get", "list" ]`
			`- apiGroups: ["networking.k8s.io"]`
			`resources: ["ingresses"]`
			`verbs: [ "get", "list" ]`
			`# Feedback`
			`- apiGroups: [""]`
			`resources: ["events"]`
			`verbs: ["get", "watch", "list"]`
add weave rbac (test) 2023-05-11 14:09:58 +02:00			`---`
			`# Bind the cluster admin role to admins`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
remove hardcoded admin from weave test test 2 test 3 test-4 re add user stuff disable admin add rbac fix rbac fix rba 1c fix rba 12c 2023-05-11 14:22:44 +02:00			`name: weave-admin`
add weave rbac (test) 2023-05-11 14:09:58 +02:00			`subjects:`
			`- kind: User`
			`name: "victor@xirion.net"`
			`apiGroup: rbac.authorization.k8s.io`
			`roleRef:`
			`kind: ClusterRole`
remove hardcoded admin from weave test test 2 test 3 test-4 re add user stuff disable admin add rbac fix rbac fix rba 1c fix rba 12c 2023-05-11 14:22:44 +02:00			`name: weave-admin`
add weave rbac (test) 2023-05-11 14:09:58 +02:00			`apiGroup: rbac.authorization.k8s.io`