fix(ci): grant ci-deployer Endpoints write (admin role excludes it)
ci / tc_portal (push) Has been skipped
ci / tc_operator (push) Has been skipped
ci / tc_website (push) Has been skipped
ci / build_portal (push) Has been skipped
ci / changes (push) Successful in 4s
ci / tc_booking (push) Has been skipped
ci / tc_platform_api (push) Has been skipped
ci / test_platform_api (push) Has been skipped
ci / build_booking (push) Has been skipped
ci / build_operator (push) Has been skipped
ci / build_platform_api (push) Has been skipped
ci / deploy (push) Successful in 7s
The deploy failed creating the selectorless stalwart-http Service's Endpoints: since the CVE-2021-25740 hardening the namespaced 'admin' role no longer grants write on legacy Endpoints. Explicit endpoints + endpointslices rules on the ci-deployer role (already applied live); manifest comment touch retriggers the infra apply.
@@ -15,6 +15,9 @@
|
||||
#
|
||||
# Customer domains (autodiscover.<customer>.tld) need per-domain certs and an
|
||||
# automated Ingress/Certificate per verified domain — follow-up feature.
|
||||
#
|
||||
# NB: the ci-deployer Role carries explicit Endpoints write — the namespaced
|
||||
# 'admin' role stopped granting it (CVE-2021-25740 hardening).
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
|
||||
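Review bot: The added NB comment above `apiVersion: v1` records that the ci-deployer Role has Endpoints write, but not where that Role is defined or how far the grant reaches, and the commit message says the rules were "already applied live". Please confirm the Role change is committed alongside this manifest so the cluster and the repository do not drift, and point the comment at that file. The comment also names only Endpoints while the commit message lists endpoints and endpointslices rules, so it should mention both. Since the 'admin' role dropped this permission as CVE-2021-25740 hardening, it is worth stating in the comment that the grant is kept to this namespace and to the verbs the deploy needs for the selectorless stalwart-http Service.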