20 lines
729 B
YAML
# OIDC users in Authentik group **noble-admins** (claim **groups**) get the same cluster access as the Headlamp
# ServiceAccount binding (**edit**). Requires kube-apiserver **oidc-*** extraArgs (see **talos/talconfig.yaml**).
# If your IdP omits **groups** from the id_token, add a **groups** scope/mapping in Authentik or bind **User** subjects instead.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: headlamp-oidc-noble-admins
  labels:
    app.kubernetes.io/name: headlamp
    app.kubernetes.io/component: oidc-rbac
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: noble-admins
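
A check for the failure mode the comments describe (an id_token without **groups**, or a group name that does not match the binding), added here as an example and not part of this repository. It decodes a token payload without verifying the signature; the function names, the sample tokens and the `oidc:` prefix value are constructed, and `groups_claim` / `groups_prefix` stand for kube-apiserver's `--oidc-groups-claim` and `--oidc-groups-prefix` settings.

```python
import base64
import json

BINDING_GROUP = "noble-admins"  # subjects[0].name in the ClusterRoleBinding above


def jwt_claims(id_token):
    """Decode the payload segment of a JWT. Inspection only: no signature check."""
    try:
        _header, payload, _sig = id_token.split(".")
        padded = payload + "=" * (-len(payload) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, TypeError) as exc:
        raise ValueError("not a well-formed JWT") from exc


def apiserver_groups(claims, groups_claim="groups", groups_prefix=""):
    """Group names RBAC would compare against the binding for these claims."""
    raw = claims.get(groups_claim)
    if isinstance(raw, str):  # a single group sent as a bare string
        raw = [raw]
    if not isinstance(raw, list):  # claim missing or of an unusable type
        return []
    # A configured prefix is prepended to every group before RBAC sees it.
    return [groups_prefix + g for g in raw if isinstance(g, str)]


def binding_matches(id_token, groups_claim="groups", groups_prefix=""):
    """True if the Group subject in the binding would match this token."""
    groups = apiserver_groups(jwt_claims(id_token), groups_claim, groups_prefix)
    return BINDING_GROUP in groups


def make_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    member = make_token({"sub": "user-1", "groups": ["noble-admins", "users"]})
    no_claim = make_token({"sub": "user-1"})  # IdP omitted the groups claim
    print("member, no prefix:   ", binding_matches(member))
    print("member, prefix oidc::", binding_matches(member, groups_prefix="oidc:"))
    print("groups claim missing:", binding_matches(no_claim))
```

With a groups prefix configured, the binding's subject name has to carry the same prefix or the match fails even though the user is in the Authentik group.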