claude/k8s-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
k8s-apps/apps/argocd-config
History
Claude f71c583d69
All checks were successful
AI Review / AI Code Review (pull_request) Successful in 1s
Details
PR Checks / Validate & Security Scan (pull_request) Successful in 8s
Details
Phase 16: fine-grained RBAC (infra-operators) + DB rotation prep 
- Add infra-operators group to Keycloak realm
- Add K8s RBAC: operators get full CRUD in dev/staging, readonly in prod,
  cluster-level readonly for nodes/namespaces/storage, no infra ns access
- Update ArgoCD RBAC: operators → role:readonly
- Update oauth2-proxy: allow infra-operators group
- Add PostgreSQL NodePort (35432) for OpenBao Database engine access
- Update NetworkPolicy: allow NodePort traffic from node CIDR
- Extend keycloak-secrets-manager Role: statefulset get/patch for rotation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 15:33:23 +01:00
..
argocd-cm-patch.yaml
feat(keycloak): move to localhost:30880 via SSH tunnel
2026-02-16 21:37:42 +01:00
argocd-rbac-cm.yaml
Phase 16: fine-grained RBAC (infra-operators) + DB rotation prep
2026-02-19 15:33:23 +01:00