fix: E2E tests — RBAC for Polaris service proxy + settings selector #22
@@ -0,0 +1,28 @@
|
||||
# RBAC to allow authenticated users to proxy to the Polaris dashboard service.
|
||||
# The polaris plugin reads audit data via the Kubernetes service proxy:
|
||||
# /api/v1/namespaces/polaris/services/http:polaris-dashboard:80/proxy/results.json
|
||||
# Without this Role + RoleBinding, users get a 403 when Headlamp proxies the request.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: polaris-dashboard-proxy-reader
|
||||
namespace: polaris
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services/proxy"]
|
||||
resourceNames: ["polaris-dashboard", "http:polaris-dashboard:80"]
|
||||
verbs: ["get"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: polaris-dashboard-proxy-reader
|
||||
namespace: polaris
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: system:authenticated
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: polaris-dashboard-proxy-reader
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
Reference in New Issue
Block a user