Skip to content

Commit

Permalink
Remove kubeapps-admin role (#543)
Browse files Browse the repository at this point in the history
Signed-off-by: Andrei Kvapil <[email protected]>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
	- Introduced new secrets for enhanced security management.
	- Added a new realm group for streamlined administrative roles.
	- Implemented a new cluster role binding for improved access control.

- **Bug Fixes**
	- Removed outdated role bindings to reflect updated permissions.

- **Refactor**
- Transitioned from a broad cluster role to a more focused
namespace-specific role, enhancing role granularity.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Andrei Kvapil <[email protected]>
  • Loading branch information
kvaps authored Dec 27, 2024
1 parent 3ae70f3 commit 4754e35
Show file tree
Hide file tree
Showing 3 changed files with 0 additions and 87 deletions.
13 changes: 0 additions & 13 deletions packages/system/keycloak-configure/templates/configure-kk.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -215,19 +215,6 @@ data:
---

apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmGroup
metadata:
name: kubeapps-admin
namespace: cozy-dashboard
spec:
name: kubeapps-admin
realmRef:
name: keycloakrealm-cozy
kind: ClusterKeycloakRealm

---

apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmGroup
metadata:
Expand Down
32 changes: 0 additions & 32 deletions packages/system/keycloak-configure/templates/rolebinding.yaml
Original file line number Diff line number Diff line change
@@ -1,35 +1,3 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubeapps-admin-group
namespace: cozy-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubeapps-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: kubeapps-admin

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubeapps-admin
namespace: cozy-public
subjects:
- kind: Group
name: kubeapps-admin
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: kubeapps-admin
apiGroup: rbac.authorization.k8s.io

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
Expand Down
42 changes: 0 additions & 42 deletions packages/system/keycloak-configure/templates/roles.yaml
Original file line number Diff line number Diff line change
@@ -1,45 +1,3 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubeapps-admin
rules:
- apiGroups: [""]
resources:
- "*"
verbs:
- get
- list
- watch
- apiGroups: ["apps.cozystack.io"]
resources:
- '*'
verbs:
- '*'
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources:
- helmreleases
verbs:
- '*'
---

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kubeapps-admin
namespace: cozy-public
rules:
- apiGroups: ["source.toolkit.fluxcd.io"]
resources: ["helmrepositories"]
verbs:
- get
- list
- apiGroups: ["source.toolkit.fluxcd.io"]
resources:
- helmcharts
verbs: ["*"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
Expand Down

0 comments on commit 4754e35

Please sign in to comment.