Commit

docs(capsule-flux): remove no longer needed clusterrole for ns patch
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
maxgio92 committed Aug 29, 2022
1 parent 6d56237 commit d02578d
Showing 1 changed file with 0 additions and 29 deletions.
29 changes: 0 additions & 29 deletions docs/content/guides/flux2-capsule.md
Expand Up @@ -279,35 +279,6 @@ this is the required set of resources to setup a Tenant:
userGroups:
- system:serviceaccounts:my-tenant
```
- Additional `ClusterRole` with related `ClusterRoleBinding` that allows to `PATCH` requests on Namespaces, besides `CREATE`. Flux kustomize controller will `kubectl-apply` resources:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: capsule-namespace-provisioner-gitops
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: capsule-namespace-provisioner-gitops-my-tenant
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: capsule-namespace-provisioner-gitops
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:my-tenant
```

- Additional `ClusterRole` with related `ClusterRoleBinding` that allows the Tenant GitOps Reconciler to impersonate his own `User` (e.g. `system:serviceaccount:my-tenant:gitops-reconciler`):
```yaml
apiVersion: rbac.authorization.k8s.io/v1
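Review bot: The removed list item (the `capsule-namespace-provisioner-gitops` ClusterRole and its `capsule-namespace-provisioner-gitops-my-tenant` ClusterRoleBinding) disappears from the guide with no note for readers who already applied it, and neither the commit message nor the remaining text says what made it unnecessary. The rule carries no `resourceNames`, so at the RBAC level the binding grants `patch` on all Namespaces to the whole `system:serviceaccounts:my-tenant` group, and anyone who followed the earlier version of the guide keeps that grant until both objects are deleted. Suggest adding one line to the guide that states from which version the extra role is not required and tells existing users to remove the two objects, so the documented setup and the permissions actually present in the cluster stay aligned.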
