diff --git a/clusters/staging/tenants/flux.yaml b/clusters/staging/tenants/flux.yaml
new file mode 100644
index 0000000..40287fd
--- /dev/null
+++ b/clusters/staging/tenants/flux.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: staging
+ labels:
+ toolkit.fluxcd.io/tenant: admin-team
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ toolkit.fluxcd.io/tenant: admin-team
+ name: flux-restricted
+ namespace: staging
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ toolkit.fluxcd.io/tenant: admin-team
+ name: flux-cluster-admin
+ namespace: staging
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ toolkit.fluxcd.io/tenant: admin-team
+ name: flux-cluster-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: flux-cluster-admin
+ namespace: staging
diff --git a/clusters/staging/tenants/podinfo.yaml b/clusters/staging/tenants/podinfo.yaml
index 4f4f3e2..72ef433 100644
--- a/clusters/staging/tenants/podinfo.yaml
+++ b/clusters/staging/tenants/podinfo.yaml
@@ -20,5 +20,5 @@ roleRef:
 name: cluster-admin
 subjects:
 - kind: ServiceAccount
- name: flux-apps
+ name: flux-restricted
 namespace: staging
diff --git a/clusters/staging/tenants/staging.yaml b/clusters/staging/tenants/staging.yaml
deleted file mode 100644
index 3cb1e2f..0000000
--- a/clusters/staging/tenants/staging.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: staging
- labels:
- toolkit.fluxcd.io/tenant: dev-team
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- toolkit.fluxcd.io/tenant: dev-team
- name: flux-apps
- namespace: staging
diff --git a/hub/staging.yaml b/hub/staging.yaml
index 5bcf9df..329674f 100644
--- a/hub/staging.yaml
+++ b/hub/staging.yaml
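Review bot: The `flux-cluster-admin` ClusterRoleBinding at the end of this new file grants the built-in `cluster-admin` ClusterRole cluster-wide to a ServiceAccount that lives in the `staging` namespace, alongside the `flux-restricted` account. Any principal allowed to run workloads as that account, or to request tokens for it, in `staging` therefore holds full control of the cluster, so the namespace's own RBAC becomes the real boundary. Nothing visible in this commit references `flux-cluster-admin`; if it is needed, I would keep it in a platform-owned namespace rather than next to the tenant account. Failing that, document the intent above the binding, e.g. `# cluster-wide admin; only platform-owned reconcilers may set serviceAccountName: flux-cluster-admin`.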
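Review bot: The subject renamed to `flux-restricted` in podinfo.yaml is still bound through `roleRef.name: cluster-admin`, so the account whose name promises restriction keeps full admin rights within whatever scope this binding has. The binding's `kind` and `metadata` sit above the hunk, so I cannot tell whether it is a namespaced RoleBinding or a ClusterRoleBinding; that should be confirmed, because the latter would make the grant cluster-wide. If it is a RoleBinding, a comment above `roleRef` such as `# cluster-admin is limited to this namespace by the RoleBinding` would stop readers from misjudging the grant, and a tenant-specific Role with only the needed verbs would be the tighter option. hub/staging.yaml in this commit patches `/spec/serviceAccountName` to this account, so this binding decides what those reconciliations are able to change.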
@@ -53,4 +53,4 @@ spec:
 name: cluster-kubeconfig
 - op: add
 path: /spec/serviceAccountName
- value: flux-apps
+ value: flux-restricted