Skip to content

Commit 45e5ff7

Browse files
committed
Delete all group-sync resources
KFLUXINFRA-3287
1 parent ad876eb commit 45e5ff7

29 files changed

Lines changed: 80 additions & 245 deletions

components/cluster-secret-store/base/appsre-stonesoup-vault-secret-store.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,6 @@ spec:
2828
conditions:
2929
- namespaces:
3030
- codecov
31-
- group-sync-operator
3231
- internal-services
3332
- konflux-devlake
3433
- openshift-logging

components/iam/OWNERS

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
# See the OWNERS docs: https://go.k8s.io/owners
2+
3+
approvers:
4+
- hugares
5+
- enkeefe00
6+
- sadlerap
7+
- filariow
8+
- mshaposhnik
9+
- manish-jangra
10+
11+
reviewers:
12+
- hugares
13+
- enkeefe00
14+
- sadlerap
15+
- filariow
16+
- mshaposhnik
17+
- manish-jangra

components/iam/README.md

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
# IAM
2+
3+
The Identity Access Management (IAM) component contains manifests for **identity and access management** on Konflux **common clusters**, defining OpenShift **ClusterRoles** and **ClusterRoleBindings** for Konflux Rover/LDAP groups.
4+
5+
## What gets deployed
6+
7+
### RBAC roles and bindings
8+
9+
| Manifest | Kind | Purpose |
10+
| --- | --- | --- |
11+
| `konflux-admins.yaml` | `ClusterRole` / `ClusterRoleBinding` | Elevated permissions on the management cluster (OpenShift platform, Tekton, Argo CD, JVM build service, etc.) |
12+
| `dev-can-sync.yaml` | `ClusterRole` / `ClusterRoleBinding` | View and sync Argo CD `Application`s; view projects, clusters, and repositories |
13+
| `component-maintainers.yaml` | `ClusterRole` | OLM `installplans`, pipeline `ServiceAccount` patch, Tekton `PipelineRun` cleanup, Tekton Results, port-forward |
14+
| `everyone-can-view.yaml` + patch | `ClusterRole` / `ClusterRoleBinding`| Shared view access for cluster version, compute, and cluster monitoring |
15+
16+
`everyone-can-view-patch.yaml` centralizes the list of Konflux Rover groups that receive the “everyone can view” bindings so the same group list is not duplicated across multiple bindings.
17+
18+
## Related components
19+
20+
- [rover-group-sync](../rover-group-sync/README.md)
21+
- [authentication](https://github.com/redhat-appstudio/infra-deployments/tree/main/components/authentication)
22+
- [k8s-groups component](https://github.com/redhat-appstudio/internal-infra-deployments/tree/main/components/k8s-groups)
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.

components/iam/base/external-secrets/konflux-ldap-sa.yaml

Lines changed: 0 additions & 21 deletions
This file was deleted.

components/iam/base/external-secrets/kustomization.yaml

Lines changed: 0 additions & 5 deletions
This file was deleted.

components/iam/base/external-secrets/mtls-ca-validators.yaml

Lines changed: 0 additions & 21 deletions
This file was deleted.

0 commit comments

Comments
 (0)