Running weaveworks/flux with least privileges

2opremio/locked-down-flux

This repository is an attempt to lock down weaveworks/flux as much as possible without causing error messages from Flux.

flux-system/ contains a Flux deployment that is limited to resources in the helloworld namespace.

helloworld-rbac/ contains the namespace and minimum Role and RoleBinding necessary to give Flux access to manage the simple hello world service defined in helloworld-flux/.

Setup

Deploy Flux to the cluster:

kubectl apply -f flux-system -f helloworld-rbac

This will create two namespaces:

  • flux-system, with deployments for memcached and for Flux, which is limited to the other namespace,
  • helloworld, which contains a Role giving Flux the permissions required to manage our hello world service.

Point fluxctl at our Flux instance and print the SSH key:

export FLUX_FORWARD_NAMESPACE=flux-system
export FLUX_FORWARD_LABELS="app=flux,component=weave-flux"

fluxctl identity

Flux should now be able to just manage our hello world service without giving any errors.
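
To confirm that the lock-down holds after the setup above, the Flux service account's effective permissions can be audited with kubectl auth can-i. This is an added example, not part of the repository; the service account name flux, the Deployment and Service resource types, and the verbs checked are assumptions.

```shell
#!/bin/sh
# Added example: audit the effective permissions of the Flux service account.
# Assumptions (not taken from the repository): the service account is named
# "flux", and the hello world service is a Deployment plus a Service.
# The caller needs permission to impersonate service accounts (--as).
FLUX_SA="${FLUX_SA:-system:serviceaccount:flux-system:flux}"

# can_i VERB RESOURCE [NAMESPACE]: succeeds only if the API server answers
# "yes". Without NAMESPACE the question is asked across all namespaces.
can_i() {
    if [ -n "${3:-}" ]; then
        answer=$(kubectl auth can-i "$1" "$2" --as="$FLUX_SA" -n "$3" 2>/dev/null) || true
    else
        answer=$(kubectl auth can-i "$1" "$2" --as="$FLUX_SA" --all-namespaces 2>/dev/null) || true
    fi
    [ "$answer" = "yes" ]
}

# expect WANT VERB RESOURCE [NAMESPACE]: print one result line and succeed
# only if the answer matches WANT (yes or no).
expect() {
    want=$1; shift
    if can_i "$@"; then got=yes; else got=no; fi
    if [ "$got" = "$want" ]; then mark=ok; else mark=FAIL; fi
    printf '%-4s want=%-3s got=%-3s %s %s in %s\n' \
        "$mark" "$want" "$got" "$1" "$2" "${3:-all namespaces}"
    [ "$got" = "$want" ]
}

# audit_flux: exit status is the number of unexpected answers (0 = locked down).
audit_flux() {
    failures=0
    # Inside helloworld, Flux must be able to manage the workload.
    for verb in get list patch; do
        for res in deployments services; do
            expect yes "$verb" "$res" helloworld || failures=$((failures + 1))
        done
    done
    # Outside helloworld, the same identity must be denied.
    expect no get secrets kube-system || failures=$((failures + 1))
    expect no list deployments default || failures=$((failures + 1))
    expect no '*' '*' || failures=$((failures + 1))
    return "$failures"
}
```
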
