chore: remove orphaned deployment/polaris-rbac.yaml (PRI-917)
PR #146 moved RBAC management to the infra repo (Flux). The local RBAC apply steps were removed from the E2E workflow, but this file was inadvertently left behind. It is now orphaned since the polaris-dashboard-proxy-reader Role and RoleBinding are managed by Flux. See PRI-916 for context.
This commit is contained in:
committed by
Gandalf the Greybeard [agent]
Gandalf the Greybeard [agent]
parent
dc1f354449
commit
1d6584742e
@@ -1,28 +0,0 @@
|
|||||||
# RBAC to allow authenticated users to proxy to the Polaris dashboard service.
|
|
||||||
# The polaris plugin reads audit data via the Kubernetes service proxy:
|
|
||||||
# /api/v1/namespaces/polaris/services/http:polaris-dashboard:80/proxy/results.json
|
|
||||||
# Without this Role + RoleBinding, users get a 403 when Headlamp proxies the request.
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
name: polaris-dashboard-proxy-reader
|
|
||||||
namespace: polaris
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["services/proxy"]
|
|
||||||
resourceNames: ["polaris-dashboard", "http:polaris-dashboard:80"]
|
|
||||||
verbs: ["get"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: polaris-dashboard-proxy-reader
|
|
||||||
namespace: polaris
|
|
||||||
subjects:
|
|
||||||
- kind: Group
|
|
||||||
name: system:authenticated
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
roleRef:
|
|
||||||
kind: Role
|
|
||||||
name: polaris-dashboard-proxy-reader
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
Reference in New Issue
Block a user