This repository has been archived on 2026-06-16. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
headlamp-polaris-plugin/deployment/polaris-rbac.yaml
T
Hugh Hackman 39519788d6 ci: update polaris plugin version and add headlamp SA to RBAC
- Update headlamp-static-plugin-values.yaml to 0.7.2
- Add headlamp service account to polaris-dashboard-proxy-reader RoleBinding
- Update documentation references from headlamp-polaris-plugin to headlamp-polaris

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-15 14:21:18 +00:00

32 lines
994 B
YAML

# RBAC to allow authenticated users to proxy to the Polaris dashboard service.
# The polaris plugin reads audit data via the Kubernetes service proxy:
# /api/v1/namespaces/polaris/services/http:polaris-dashboard:80/proxy/results.json
# Without this Role + RoleBinding, users get a 403 when Headlamp proxies the request.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: polaris-dashboard-proxy-reader
namespace: polaris
rules:
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["polaris-dashboard", "http:polaris-dashboard:80"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: polaris-dashboard-proxy-reader
namespace: polaris
subjects:
- kind: Group
name: system:authenticated
apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount
name: headlamp
namespace: kube-system
roleRef:
kind: Role
name: polaris-dashboard-proxy-reader
apiGroup: rbac.authorization.k8s.io