viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/k8s-dashboard
History
Viktor Barzin e436af8d8c fix(k8s-dashboard): drop group-restriction policy; RBAC is the gate 
The Authentik group policy denied admins: it gated on kubernetes-* group
membership, but cluster access is email-based RBAC (User bindings from
k8s_users), not group-based. vbarzin@gmail.com (Home Server Admins) gets
cluster-admin via oidc-admin-vbarzin but isn't in any kubernetes-* group,
so the gate locked him out. Apiserver RBAC is now the sole gate — matching
the kubelogin CLI (authenticate freely, RBAC decides actions).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 09:19:09 +00:00
..
.terraform.lock.hcl Woodpecker CI deploy [CI SKIP] 2026-06-05 09:19:09 +00:00
authentik.tf fix(k8s-dashboard): drop group-restriction policy; RBAC is the gate 2026-06-05 09:19:09 +00:00
main.tf feat(k8s-dashboard): cut over ingress to oauth2-proxy SSO 2026-06-05 09:19:09 +00:00
oauth2_proxy.tf fix(k8s-dashboard): ignore Keel/tier drift on oauth2-proxy deployment 2026-06-05 09:19:09 +00:00
providers.tf feat(k8s-dashboard): add Authentik OIDC app for dashboard SSO 2026-06-05 09:19:07 +00:00
secrets [ci skip] Move Terraform modules into stack directories 2026-02-22 14:38:14 +00:00
terragrunt.hcl [ci skip] Phase 3: Create 66 service stacks and migrate state 2026-02-22 13:56:34 +00:00