Skip to main content
Version: 0.30.0

Authorization Enterprise

caution

This feature is in alpha and certain aspects will change

We're very excited for people to use this feature. However, please note that changes in the API, behaviour and security will evolve. The feature is suitable to use in controlled testing environments.

To view pipelines, users need read access to the pipeline resource and the underlying application resources. This sample configuration shows a recommended way to configure RBAC to provide such access. The pipeline-reader role and the search-pipeline-reader role-binding allow a group search-developer to access pipeline resources within the search namespace.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pipeline-reader
rules:
- apiGroups: [ "pipelines.weave.works" ]
resources: [ "pipelines" ]
verbs: [ "get", "list", "watch"]
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources: [ "helmreleases" ]
verbs: [ "get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: search-pipeline-reader
namespace: search
subjects:
- kind: Group
name: search-developer
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: pipeline-reader
apiGroup: rbac.authorization.k8s.io