Skip to content

Commit

Permalink
Allow Powerusers to list Namespaces...
Browse files Browse the repository at this point in the history 
...as we intend to limit the number of "full admins", Powerusers need
 to be able to do things like get/list namespaces in EKS.
  • Loading branch information
@dj-maisy
dj-maisy committed Dec 16, 2024
1 parent 1e7a246 commit 9db81f0
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions terraform/deployments/cluster-services/aws_auth_configmap.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,11 +127,18 @@ resource "kubernetes_cluster_role_binding" "read_crs_and_crbs" {

resource "kubernetes_cluster_role" "poweruser" {
metadata { name = "poweruser" }

rule {
api_groups = ["*"]
resources = ["*"]
verbs = ["*"]
}

rule {
api_groups = [""]
resources = ["namespaces"]
verbs = ["get", "list"]
}
}

resource "kubernetes_role_binding" "poweruser" {
Expand Down

0 comments on commit 9db81f0

Please sign in to comment.