--- # Admin cluster role apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: weave-admin rules: # Flux Resources - apiGroups: ["kustomize.toolkit.fluxcd.io"] resources: ["kustomizations"] verbs: ["get", "list", "patch"] - apiGroups: ["helm.toolkit.fluxcd.io"] resources: ["helmreleases"] verbs: ["get", "list", "patch"] - apiGroups: ["source.toolkit.fluxcd.io"] resources: [ "buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories", ] verbs: ["get", "list", "patch"] - apiGroups: ["notification.toolkit.fluxcd.io"] resources: ["providers", "alerts"] verbs: ["get", "list"] - apiGroups: ["infra.contrib.fluxcd.io"] resources: ["terraforms"] verbs: ["get", "list", "patch"] # Resources managed via Flux - apiGroups: [""] resources: [ "configmaps", "secrets", "pods", "services", "namespaces", "persistentvolumes", "persistentvolumeclaims", ] verbs: ["get", "list"] - apiGroups: ["apps"] resources: ["deployments", "replicasets", "statefulsets"] verbs: ["get", "list"] - apiGroups: ["batch"] resources: ["jobs", "cronjobs"] verbs: ["get", "list"] - apiGroups: ["autoscaling"] resources: ["horizontalpodautoscalers"] verbs: ["get", "list"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["roles", "clusterroles", "rolebindings", "clusterrolebindings"] verbs: ["get", "list"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list"] # Feedback - apiGroups: [""] resources: ["events"] verbs: ["get", "watch", "list"] --- # Bind the cluster admin role to admins apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: weave-admin subjects: - kind: User name: "victor@xirion.net" apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: weave-admin apiGroup: rbac.authorization.k8s.io