Jan Novak
5ca27a832b
- Upgrade Cilium helm release from 1.18.5 to 1.19.1 with gatewayClass creation enabled - Escalate gitea CI service account to cluster-admin, add OIDC cluster-admin binding - Deploy fujarna app with full manifest set (deployment, service, PVC, httproutes, external secret) - Add Flux web UI via flux-operator OCI repository and helm release - Add experiments kustomization with test resources for gateway API and certificates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
20 lines
524 B
YAML
20 lines
524 B
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: gitea-ci-deploy
|
|
subjects:
|
|
- kind: User
|
|
name: "gitea_ci@idm.home.hrajfrisbee.cz" # matches preferred_username claim
|
|
apiGroup: rbac.authorization.k8s.io
|
|
roleRef:
|
|
# kind: ClusterRole
|
|
# name: edit # scope down as needed
|
|
# apiGroup: rbac.authorization.k8s.io
|
|
|
|
# this is obviously too much permissions
|
|
# but we can live with it for homelab
|
|
kind: ClusterRole
|
|
name: cluster-admin
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
|