infra/stacks/rbac/modules/rbac
Viktor Barzin 317989f9d5 feat(rbac): per-namespace-owner dashboard SA + long-lived token
Pragmatic dashboard access while OIDC SSO is blocked: each namespace-owner
(from k8s_users) gets a ServiceAccount scoped to admin on their namespace(s)
+ cluster read-only, plus a long-lived token to paste into the dashboard
'Token' login. Real per-namespace isolation, no apiserver-OIDC dependency.
Verified: vabbit81 SA = admin in vabbit81, read-only elsewhere, no cross-ns write.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 09:19:10 +00:00
apiserver-oidc.tf feat(rbac): apiserver multi-issuer OIDC via structured AuthenticationConfiguration 2026-06-05 09:19:09 +00:00
audit-policy.tf extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
dashboard-sa.tf feat(rbac): per-namespace-owner dashboard SA + long-lived token 2026-06-05 09:19:10 +00:00
etcd-tuning.tf Reduce disk write amplification across cluster (~200-350 GB/day savings) [ci skip] 2026-04-09 19:01:21 +00:00
main.tf extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00