infra

Viktor Barzin 317989f9d5 feat(rbac): per-namespace-owner dashboard SA + long-lived token Pragmatic dashboard access while OIDC SSO is blocked: each namespace-owner (from k8s_users) gets a ServiceAccount scoped to admin on their namespace(s) + cluster read-only, plus a long-lived token to paste into the dashboard 'Token' login. Real per-namespace isolation, no apiserver-OIDC dependency. Verified: vabbit81 SA = admin in vabbit81, read-only elsewhere, no cross-ns write. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-05 09:19:10 +00:00
..
rbac	feat(rbac): per-namespace-owner dashboard SA + long-lived token	2026-06-05 09:19:10 +00:00

Viktor Barzin 317989f9d5 feat(rbac): per-namespace-owner dashboard SA + long-lived token

Pragmatic dashboard access while OIDC SSO is blocked: each namespace-owner
(from k8s_users) gets a ServiceAccount scoped to admin on their namespace(s)
+ cluster read-only, plus a long-lived token to paste into the dashboard
'Token' login. Real per-namespace isolation, no apiserver-OIDC dependency.
Verified: vabbit81 SA = admin in vabbit81, read-only elsewhere, no cross-ns write.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-05 09:19:10 +00:00

rbac

feat(rbac): per-namespace-owner dashboard SA + long-lived token

2026-06-05 09:19:10 +00:00