Results 79 comments of Balazs Zachar

@yiannistri, maybe I am missing the connection but our concern is about the permissions that are required for the impersonated user and not for the SA of weave-gitops. Our users...

@yiannistri thanks for the confirmation. When I am dealing with RBAC, I use this tool heavily: https://github.com/liggitt/audit2rbac I thought to mention it in case you do not know it. If...

Checking on this, as this still makes `weave-gitops` unusable when Flux multi-tenancy and OIDC are enabled for the cluster and for `weave-gitops`.

@bigkevmcd, we run into the same issue. The proposed solution sounds great and flexible.

@yeazelm This looks awesome. We will give it a try in our env once it is ready.

This would be awesome. It would also be nice to keep in mind that some custom CNIs (like Cilium) require having a cluster without kube-proxy to be able to...

Workaround in case someone runs into this: Set up a VS in Apache that serves the file based on source IP ``` # cat /etc/httpd/conf.d/eks-serving-files-vs.conf ServerName eks-a-admin01.example.com ServerAlias ip.of.admin.host DocumentRoot...

This could be also part of it: https://github.com/aws/eks-anywhere/issues/7106

Note: this will also prevent Cilium Enterprise users from using several important features of Cilium.

Seems this can be done already if one manually deploys the operator. We are deploying through helm and it seems it would be quite complex to achieve everything through that....