chore(backstage): Added SA for backstage to ArgoCD
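--- a/manifests/artemis/argocd/backstage-rbac.yaml
+++ b/manifests/artemis/argocd/backstage-rbac.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: backstage-argocd-server-access
+subjects:
+- kind: ServiceAccount
+name: backstage-argocd
+namespace: argocd
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: argocd-server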
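Review bot: The binding in this new file gives the `backstage-argocd` ServiceAccount the whole `argocd-server` ClusterRole cluster-wide, and the rationale that sat on the old inline patch ("Optional … If you only need Argo CD RBAC, you can omit this block") did not move with it. If Backstage only calls the Argo CD API, this file can be left out of `resources`; if it does need Kubernetes API access, a dedicated ClusterRole (or a namespaced Role and RoleBinding) listing just the verbs and resources Backstage reads would be narrower than reusing the server's role. The same account is also mapped to Argo CD `role:admin` in the policy shown as context in the kustomization hunks, so a single credential for it would carry both sets of rights. At minimum, carry the rationale over as a header comment, e.g. `# Optional: only needed if Backstage calls the Kubernetes API directly; omit when Argo CD RBAC is enough`.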
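--- a/manifests/artemis/argocd/backstage-sa.yaml
+++ b/manifests/artemis/argocd/backstage-sa.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: backstage-argocd
+namespace: argocd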
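Review bot: The ServiceAccount is declared without `automountServiceAccountToken: false`, so any pod in `argocd` that names this account has its token mounted by default. Because the account is bound to the `argocd-server` ClusterRole in backstage-rbac.yaml, consider adding that field at the top level of this manifest if Backstage obtains its token some other way; how the token is issued is not visible in this commit, so confirm that first. A one-line comment stating which workload or integration is meant to use the account would also help later reviews of its permissions.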
@@ -8,6 +8,8 @@ resources:
|
|||||||
- github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.0
|
- github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.0
|
||||||
- ingressRoute.yaml
|
- ingressRoute.yaml
|
||||||
- certificate.yaml
|
- certificate.yaml
|
||||||
|
- backstage-sa.yaml
|
||||||
|
- backstage-rbac.yaml
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- target:
|
- target:
|
||||||
@@ -120,17 +122,6 @@ patches:
|
|||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: argocd-server
|
name: argocd-server
|
||||||
|
|
||||||
# Backstage ServiceAccount
|
|
||||||
- target:
|
|
||||||
kind: ServiceAccount
|
|
||||||
name: backstage-argocd
|
|
||||||
patch: |-
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: backstage-argocd
|
|
||||||
namespace: argocd
|
|
||||||
|
|
||||||
# Map Backstage SA to Argo CD role:admin (full Argo CD permissions)
|
# Map Backstage SA to Argo CD role:admin (full Argo CD permissions)
|
||||||
- target:
|
- target:
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@@ -150,22 +141,3 @@ patches:
|
|||||||
p, argocd_users, applications, get, *, allow
|
p, argocd_users, applications, get, *, allow
|
||||||
# Backstage SA -> role:admin
|
# Backstage SA -> role:admin
|
||||||
g, system:serviceaccount:argocd:backstage-argocd, role:admin
|
g, system:serviceaccount:argocd:backstage-argocd, role:admin
|
||||||
|
|
||||||
# Optional: bind Backstage SA to argocd-server ClusterRole for Kubernetes-level API verbs Argo CD server uses
|
|
||||||
# If you only need Argo CD RBAC, you can omit this block
|
|
||||||
- target:
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
name: backstage-argocd-server-access
|
|
||||||
patch: |-
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: backstage-argocd-server-access
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: backstage-argocd
|
|
||||||
namespace: argocd
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: argocd-server
|
|
||||||
|
|||||||