Skip to content
This repository has been archived by the owner on Jan 23, 2024. It is now read-only.

Latest commit

 

History

History
33 lines (20 loc) · 1.07 KB

README.md

File metadata and controls

33 lines (20 loc) · 1.07 KB
Raw

This repository is an attempt to lock down weaveowrks/flux as much as possible without error messages from Flux.

flux-system/ contains a Flux deployment that is limited to resources in the helloworld namespace.

helloworld-rbac/ contains the namespace and minimum Role and RoleBinding necessary to give Flux access to manage the simple hello world service defined in helloworld-flux/.

Setup

Deploy Flux to the cluster:

kubectl apply -f flux-system -f helloworld-rbac

This will create two namespaces:

  • flux-system with deployments for memcached and Flux limited to the other namespace,
  • helloworld, which contains a Role giving Flux permissions required to manage our hello world service

Point fluxctl at our Flux instance and print the SSH key:

export FLUX_FORWARD_NAMESPACE=flux-system
export FLUX_FORWARD_LABELS="app=flux,component=weave-flux"

fluxctl identity

Flux should now be able to just manage our hello world service without giving any errors.