weaveworks
docs: Delivery UI permissions
What changed? Documentation
Why was this change made? To explain how to setup permissions for Delivery UI
How was this change implemented? N/A
How did you validate the change? N/A
Release notes N/A
Documentation Changes N/A
@SamLR - if you have a chance to take a look at this PR that would be great - in particular, now that we the user permissions doc as well, whether you agree this is the right place for this content.
The intention of this page wasn't so much in-depth discussion of which permissions were needed to run gitops and why (that's left to the service-account/user permission pages) but to cover a high level view of how to configure OIDC and kubernetes RBAC to work well with gitops.
With that said I think this should probably be split between either service-account and user pages or, possibly, a dedicated enterprise permissions page (as we should probably have similar documentation for the CAPI & policy features of enterprise)
Just realised that we need to backport these to 0.9.1 onwards. Once we're happy with the content, I'll update previous versions.
I can try to review by e.o.d Wednesday, but please don't hold on my account if someone else is able to review beforehand 👍
additionally, a suggested update would be to reference this page from here as well https://docs.gitops.weave.works/docs/configuration/recommended-rbac-configuration/. In particular the note:
These recommendations are for Weave GitOps Core. A similar system can be used within Enterprise but it would need to be adapted to account for multi-cluster configurations and is beyond the scope of this document.