Limit access for apps releases

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 2024-04-10 09:03:21 +03:00
parent dbf4a7d57e
commit 03d4282e95
No known key found for this signature in database
GPG key ID: 3299AEB0E4085BAF
2 changed files with 29 additions and 0 deletions


@ -4,3 +4,29 @@ metadata:
name: podinfo
labels:
toolkit.fluxcd.io/tenant: dev-team
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
toolkit.fluxcd.io/tenant: dev-team
name: flux
namespace: podinfo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
toolkit.fluxcd.io/tenant: dev-team
name: flux
namespace: podinfo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
# This binding limits the access to the namespace
# being a RoleBinding instead of a ClusterRoleBinding
name: cluster-admin
subjects:
- kind: ServiceAccount
name: flux
namespace: podinfo
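Review bot: The `roleRef` at `name: cluster-admin` still gives the `flux` ServiceAccount every verb on every namespaced resource in `podinfo`, including Secrets and the namespace's own Roles and RoleBindings, so the account can change its own permissions inside the namespace. If app releases only need to manage workloads, a narrower built-in ClusterRole such as `edit`, or a purpose-built Role, would tighten this further. If cluster-admin is intentional, the existing comment could say so, e.g. `# cluster-admin is confined to this namespace by the RoleBinding; the account can still manage Secrets and RBAC objects here`.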


@ -49,3 +49,6 @@ spec:
value:
secretRef:
name: cluster-kubeconfig
- op: add
path: /spec/serviceAccountName
value: flux
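Review bot: The added `op: add` on `/spec/serviceAccountName` sits beside a patch whose `secretRef` is `cluster-kubeconfig`, which suggests the patched objects reconcile against a remote cluster. In that case Flux impersonates `flux` in the target cluster, so the ServiceAccount and RoleBinding must exist there too; that is worth confirming, as it is not visible here. The patch list and its target selector start outside the hunk, so any release the selector does not match would presumably still reconcile with the controller's own identity. Setting `--default-service-account` on the kustomize and helm controllers would cover those objects.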