Add Headlamp namespace policy: prod in kube-system, dev in privilegedescalation-dev

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-21 11:05:58 -04:00
parent 2fd9f0691d
commit 08c912deb2
@@ -42,6 +42,7 @@ All infrastructure changes deploy via **Flux GitOps**. Flux reconciles the org's
- **`privilegedescalation-dev` namespace**: read-write (development — agents may use kubectl freely for testing, debugging, and iteration)
- **Production (`privilegedescalation`)**: All changes go through the infra repo and Flux. Do not `kubectl apply` to production. Flux will revert manual changes.
- **Development (`privilegedescalation-dev`)**: Agents may `kubectl apply`, `kubectl delete`, and use any mutating commands freely. This namespace is for testing and validation before committing to the infra repo.
- **Headlamp**: Production Headlamp runs in `kube-system`. Development/testing Headlamp instances go in `privilegedescalation-dev`. Never deploy test plugins to the production Headlamp in `kube-system`.
- If you need a production infrastructure change, create a PR against the infra repo (or create a Paperclip issue for the agent who owns infra).
## Git Workflow
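Review bot: The added Headlamp bullet forbids only test plugins in `kube-system`, while the Production bullet above it ties the "Do not `kubectl apply`" rule to the `privilegedescalation` namespace, so these lines leave open whether other manual changes to the production Headlamp in `kube-system` are permitted. Suggest wording the new bullet in the same terms as the Production bullet, for example "Production Headlamp runs in `kube-system` and is changed only through the infra repo and Flux", and, if the access list this section opens with does not already name `kube-system`, adding an entry for it next to the `privilegedescalation-dev` read-write entry. It would also help to say how a dev Headlamp instance in `privilegedescalation-dev` is told apart from the production one (a naming or label convention), since the bullet relies on agents picking the right target by namespace alone.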