Comments (7)
For tangerine to spike this work
from weave-gitops.
@yiannistri please share the notes you mentioned earlier.
from weave-gitops.
@enekofb I have attempted to install Weave GitOps in its own namespace with its own service account. We can use this as a starting point to determine what RBAC permissions we could drop (if any) in order to better support the use case mentioned above. If it helps, see my comment here.
from weave-gitops.
@yiannistri, maybe I am missing the connection but our concern is about the permissions that are required for the impersonated user and not for the SA of weave-gitops.
Our users (and possibly users of many clusters where flux multitenancy is in use) have only access to their own namespaces (plus they are able to list namespaces) and that is it. With this, they can work with flux cli (or kubectl) to verify their HelmReleases or Kustomizations. But with weave-gitops, nothing shows up on the dashboard at the moment.
from weave-gitops.
@Cajga the use case you describe makes sense. My suggestion was about the first step towards a solution, which would allow users to run Weave GitOps in its own namespace, instead of flux-system. Then we should evaluate what changes are needed (in RBAC and Go code) to support what you describe.
from weave-gitops.
@yiannistri thanks for the confirmation.
When I am dealing with RBAC, I use this tool heavily: https://github.com/liggitt/audit2rbac
I thought to mention it in case you do not know it. If it helps then I can make some tests and list here the RBAC that is needed for weave-gitops installation in its own namespace.
from weave-gitops.
Checking on this as this still makes weave-gitops unusable when flux multi-tenancy and OIDC are enabled for the cluster and for weave-gitops.
from weave-gitops.