Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(rbac): Introduce further default seeded TeamRoles #641

Merged
merged 7 commits into from
Oct 23, 2024
Merged

feat(rbac): Introduce further default seeded TeamRoles #641

merged 7 commits into from
Oct 23, 2024

Conversation

uwe-mayer
Copy link
Contributor

@uwe-mayer uwe-mayer commented Oct 15, 2024
edited
Loading

Description

With this PR we will provide the following TeamRoles seeded to onboarded clusters per default:

TeamRole Description APIGroups Resources Verbs
cluster-admin Full privileges * * *
cluster-viewer get, list and watch all resources * * get, list, watch
cluster-developer Aggregated role. Greenhouse aggregates the application-developer and the cluster-viewer. Further TeamRoles can be aggregated.
application-developer Set of permissions on pods, deployments and statefulsets necessary to develop applications on k8s apps deployments, statefulsets patch
"" pods, pods/portforward, pods/eviction, pods/proxy, pods/log, pods/status, get, list, watch, create, update, patch, delete
node-maintainer get and patch nodes "" nodes get, patch
namespace-creator All permissions on namespaces "" namespaces *

What type of PR is this? (check all applicable)

  • 🍕 Feature
  • 🐛 Bug Fix
  • 📝 Documentation Update
  • 🎨 Style
  • 🧑‍💻 Code Refactor
  • 🔥 Performance Improvements
  • ✅ Test
  • 🤖 Build
  • 🔁 CI
  • 📦 Chore (Release)
  • ⏩ Revert

Related Tickets & Documents

#529
#388

Remove if not applicable

Added tests?

  • 👍 yes
  • 🙅 no, because they aren't needed
  • 🙋 no, because I need help
  • Separate ticket for tests # (issue/pr)

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

Added to documentation?

  • 📜 README.md
  • 🤝 Documentation pages updated
  • 🙅 no documentation needed
  • (if applicable) generated OpenAPI docs for CRD changes

@uwe-mayer uwe-mayer requested review from a team as code owners October 15, 2024 08:21
@github-actions github-actions bot added documentation Improvements or additions to documentation feature labels Oct 15, 2024
@uwe-mayer
PR remarks
0ff544f 
Signed-off-by: Uwe Mayer <[email protected]>
@uwe-mayer
Undo accidental change
b397de6 
Signed-off-by: Uwe Mayer <[email protected]>
@uwe-mayer
undo accidental change
6cf46c0 
Signed-off-by: Uwe Mayer <[email protected]>
@uwe-mayer uwe-mayer merged commit 565d851 into main Oct 23, 2024
10 checks passed
@uwe-mayer uwe-mayer deleted the feat/seed-teamroles branch October 23, 2024 08:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IvoGoman IvoGoman IvoGoman approved these changes

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@uwe-mayer @IvoGoman