diff --git a/flux/olympus/apps/flux-system/rbac.yaml b/flux/olympus/apps/flux-system/rbac.yaml index f32f336..a3a7d0c 100644 --- a/flux/olympus/apps/flux-system/rbac.yaml +++ b/flux/olympus/apps/flux-system/rbac.yaml @@ -5,45 +5,61 @@ kind: ClusterRole metadata: name: weave-admin rules: -# Flux Resources -- apiGroups: ["kustomize.toolkit.fluxcd.io"] - resources: [ "kustomizations" ] - verbs: [ "get", "list", "patch" ] -- apiGroups: ["helm.toolkit.fluxcd.io"] - resources: [ "helmreleases" ] - verbs: [ "get", "list", "patch" ] -- apiGroups: ["source.toolkit.fluxcd.io"] - resources: [ "buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories" ] - verbs: [ "get", "list", "patch" ] -- apiGroups: [ "notification.toolkit.fluxcd.io" ] - resources: [ "providers", "alerts" ] - verbs: [ "get", "list" ] -- apiGroups: ["infra.contrib.fluxcd.io"] - resources: ["terraforms"] - verbs: [ "get", "list", "patch" ] -# Resources managed via Flux -- apiGroups: [""] - resources: ["configmaps", "secrets", "pods", "services", "namespaces", "persistentvolumes", "persistentvolumeclaims"] - verbs: [ "get", "list" ] -- apiGroups: ["apps"] - resources: [ "deployments", "replicasets", "statefulsets"] - verbs: [ "get", "list" ] -- apiGroups: ["batch"] - resources: [ "jobs", "cronjobs"] - verbs: [ "get", "list" ] -- apiGroups: ["autoscaling"] - resources: ["horizontalpodautoscalers"] - verbs: [ "get", "list" ] -- apiGroups: ["rbac.authorization.k8s.io"] - resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"] - verbs: [ "get", "list" ] -- apiGroups: ["networking.k8s.io"] - resources: ["ingresses"] - verbs: [ "get", "list" ] -# Feedback -- apiGroups: [""] - resources: ["events"] - verbs: ["get", "watch", "list"] + # Flux Resources + - apiGroups: ["kustomize.toolkit.fluxcd.io"] + resources: ["kustomizations"] + verbs: ["get", "list", "patch"] + - apiGroups: ["helm.toolkit.fluxcd.io"] + resources: ["helmreleases"] + verbs: ["get", "list", "patch"] + - apiGroups: ["source.toolkit.fluxcd.io"] + resources: + [ + "buckets", + "helmcharts", + "gitrepositories", + "helmrepositories", + "ocirepositories", + ] + verbs: ["get", "list", "patch"] + - apiGroups: ["notification.toolkit.fluxcd.io"] + resources: ["providers", "alerts"] + verbs: ["get", "list"] + - apiGroups: ["infra.contrib.fluxcd.io"] + resources: ["terraforms"] + verbs: ["get", "list", "patch"] + # Resources managed via Flux + - apiGroups: [""] + resources: + [ + "configmaps", + "secrets", + "pods", + "services", + "namespaces", + "persistentvolumes", + "persistentvolumeclaims", + ] + verbs: ["get", "list"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets", "statefulsets"] + verbs: ["get", "list"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["get", "list"] + - apiGroups: ["autoscaling"] + resources: ["horizontalpodautoscalers"] + verbs: ["get", "list"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"] + verbs: ["get", "list"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list"] + # Feedback + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "watch", "list"] --- # Bind the cluster admin role to admins apiVersion: rbac.authorization.k8s.io/v1 @@ -51,9 +67,9 @@ kind: ClusterRoleBinding metadata: name: weave-admin subjects: -- kind: User - name: "victor@xirion.net" - apiGroup: rbac.authorization.k8s.io + - kind: User + name: "victor@xirion.net" + apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: weave-admin diff --git a/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml b/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml index ca8150b..6ec96a9 100644 --- a/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml +++ b/flux/olympus/apps/flux-system/weave-gitops-dashboard.yaml @@ -37,10 +37,10 @@ spec: ingress: enabled: true hosts: - - host: flux.0x76.dev - paths: - - path: / - pathType: ImplementationSpecific + - host: flux.0x76.dev + paths: + - path: / + pathType: ImplementationSpecific adminUser: create: false passwordHash: $2a$10$uIY/YYe.CcRerpVvfk04muX86hLfXRH.K6jATZaVPqp.bnUIu/bsC