Documenting the permission system of Flux #594

Closed
dholbach opened this issue Oct 25, 2021 · 1 comment · Fixed by #641
Labels: area/docs (Documentation related issues and pull requests), area/security (Security related issues and pull requests)

@dholbach (Member)

Flux and the GitOps toolkit leverage RBAC to control permissions. Flux creates a complex RBAC setup (and the setup based on the new impersonation will be even more complex), and this role/permission setup is not well documented. In order to get an understanding of the RBAC setup, it is currently required to inspect the implementation of the RBAC YAML files themselves. We consider this to be a significant issue since the RBAC roles and Flux will be deployed within a cluster running potentially sensitive operations.

Provide a conceptual description of the permission system of Flux, preferably with a schematic to make it easy for a reader to quickly understand what the roles, resources and permissions are in the Flux system. Highlight in particular:

  • What RBAC roles are used
  • What resources are used by the roles and the permissions on these resources
  • Whether Flux asks for more than necessary to ease implementation.
  • If the RBAC system is modifiable to create a more secure model.
  • The effect that the RBAC implementation of Flux has on the entire state of the cluster.
@dholbach dholbach added the area/docs Documentation related issues and pull requests label Oct 25, 2021
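
An added example, not part of the issue and not Flux's own code: one way to answer the first three bullets from a cluster export instead of reading the RBAC YAML by hand. It resolves every binding to the rules it grants each ServiceAccount in a namespace and flags wildcard rules; the function name `audit` and all object names in the sample are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `kubectl get clusterroles,clusterrolebindings,roles,rolebindings -A -o json`;
# every name in it is illustrative, not taken from Flux's manifests.
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "ClusterRole", "metadata": {"name": "example-reconciler"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "example-source-reader"},
  "rules": [{"apiGroups": [""], "resources": ["secrets", "configmaps"], "verbs": ["get", "list", "watch"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-reconciler-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "example-reconciler"},
  "subjects": [{"kind": "ServiceAccount", "name": "example-apply-controller", "namespace": "example-system"}]},
 {"kind": "RoleBinding", "metadata": {"name": "example-reader-binding", "namespace": "example-system"},
  "roleRef": {"kind": "ClusterRole", "name": "example-source-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "example-source-controller", "namespace": "example-system"}]}
]}""")

def audit(doc, sa_namespace):
    """Map each ServiceAccount in sa_namespace to its grants and flag wildcard rules."""
    roles = {(i["kind"], i["metadata"].get("namespace", ""), i["metadata"]["name"]): i.get("rules") or []
             for i in doc["items"] if i["kind"] in ("ClusterRole", "Role")}
    report = {}
    for item in doc["items"]:
        if item["kind"] not in ("ClusterRoleBinding", "RoleBinding"):
            continue
        ref, bind_ns = item["roleRef"], item["metadata"].get("namespace", "")
        # A Role lives in the binding's namespace; a ClusterRole has no namespace.
        role_ns = bind_ns if ref["kind"] == "Role" else ""
        # A ClusterRoleBinding grants cluster-wide; a RoleBinding only inside its own namespace.
        scope = "cluster-wide" if item["kind"] == "ClusterRoleBinding" else "namespace:" + bind_ns
        for subj in item.get("subjects") or []:
            if subj.get("kind") != "ServiceAccount" or subj.get("namespace") != sa_namespace:
                continue
            for rule in roles.get((ref["kind"], role_ns, ref["name"]), []):
                fields = rule.get("apiGroups", []) + rule.get("resources", []) + rule.get("verbs", [])
                report.setdefault(subj["name"], []).append({
                    "role": ref["name"], "scope": scope,
                    "resources": rule.get("resources", []), "verbs": rule.get("verbs", []),
                    "wildcard": "*" in fields,
                })
    return report

if __name__ == "__main__":
    for sa, grants in sorted(audit(SAMPLE, "example-system").items()):
        for g in grants:
            flag = "  <-- wildcard" if g["wildcard"] else ""
            print(f"{sa}: {g['role']} [{g['scope']}] {g['resources']} {g['verbs']}{flag}")
```
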

@dholbach (Member, Author) commented Nov 8, 2021

#598 is the meta tracking issue.