titan-iac/services/maintenance/ariadne-rbac.yaml

# services/maintenance/ariadne-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ariadne-job-spawner
rules:
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch
      - create
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
      - delete
  - apiGroups: [""]
    resources:
      - nodes
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups: [""]
    resources:
      - pods/exec
    verbs:
      - get
      - create
  - apiGroups: ["kustomize.toolkit.fluxcd.io"]
    resources:
      - kustomizations
    verbs:
      - get
      - list
      - watch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ariadne-job-spawner
subjects:
  - kind: ServiceAccount
    name: ariadne
    namespace: maintenance
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ariadne-job-spawner
maintenance: extend Ariadne schedules and RBAC 2026-01-20 03:01:59 -03:00			`# services/maintenance/ariadne-rbac.yaml`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: ariadne-job-spawner`
			`rules:`
			`- apiGroups: ["batch"]`
			`resources:`
			`- jobs`
rbac: allow ariadne to read cronjobs 2026-01-21 03:05:53 -03:00			`- cronjobs`
maintenance: extend Ariadne schedules and RBAC 2026-01-20 03:01:59 -03:00			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
maintenance: wire ariadne db and dashboards 2026-01-20 23:03:39 -03:00			`- apiGroups: [""]`
			`resources:`
			`- pods`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- delete`
comms: sync atlas knowledge and use ariadne state 2026-01-26 03:32:17 -03:00			`- apiGroups: [""]`
			`resources:`
			`- nodes`
			`- namespaces`
			`verbs:`
			`- get`
			`- list`
			`- watch`
maintenance: wire ariadne db and dashboards 2026-01-20 23:03:39 -03:00			`- apiGroups: [""]`
			`resources:`
			`- pods/exec`
			`verbs:`
maintenance: fix ariadne comms endpoints and exec RBAC 2026-01-21 04:05:41 -03:00			`- get`
maintenance: wire ariadne db and dashboards 2026-01-20 23:03:39 -03:00			`- create`
comms: sync atlas knowledge and use ariadne state 2026-01-26 03:32:17 -03:00			`- apiGroups: ["kustomize.toolkit.fluxcd.io"]`
			`resources:`
			`- kustomizations`
			`verbs:`
			`- get`
			`- list`
			`- watch`
maintenance: extend Ariadne schedules and RBAC 2026-01-20 03:01:59 -03:00
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: ariadne-job-spawner`
			`subjects:`
			`- kind: ServiceAccount`
			`name: ariadne`
			`namespace: maintenance`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: ariadne-job-spawner`