v0.2 - Real Workspaces:
- Project-specific claudebox StatefulSets (pantheon, aeries)
- Init containers for git clone via SSH
- Deploy key secrets template
- Project ConfigMaps for CLAUDE.md

v0.3 - Git Integration:
- Dockerfile with rdev-bot git identity
- openssh-client for SSH operations
- Image version bump to v0.3.0

v0.4 - API Server:
- Go REST API with chi router
- Endpoints: /projects, /claude, /shell, /git, /events
- SSE streaming for real-time output
- OpenAPI docs via Scalar at /docs
- Kubernetes RBAC for pod exec
- Executor and project registry packages

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
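# RBAC for rdev-api to exec into claudebox pods
# v0.4 - API Server
#
# Identity the rdev-api workload uses when it calls the Kubernetes API.
# The Role bound to this account later in this file allows pod exec in the
# `rdev` namespace, so any workload running as this ServiceAccount can run
# commands in pods there. Only the rdev-api workload should reference it.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: rdev-api
  namespace: rdev
  labels:
    app.kubernetes.io/name: rdev-api
    app.kubernetes.io/part-of: rdev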
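---
# Namespaced permissions for rdev-api. A Role applies only inside `rdev`,
# but no rule below sets resourceNames, so each rule covers every pod in
# the namespace, not only the claudebox pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rdev-api
  namespace: rdev
  labels:
    app.kubernetes.io/name: rdev-api
    app.kubernetes.io/part-of: rdev
rules:
  # List and get pods (for project discovery and status)
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]

  # Execute commands in pods
  # NOTE(review): create on pods/exec is command execution inside the target
  # container, with access to whatever that container mounts (including any
  # mounted secrets). If the claudebox pod names are stable, consider adding
  # resourceNames to this rule, and make sure pods/exec requests from this
  # account are captured in the cluster audit log.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]

  # Read pod logs (for debugging)
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]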
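---
# Grants the rdev-api Role to the rdev-api ServiceAccount; both live in
# `rdev`, and this is the only subject listed.
# roleRef is immutable once the binding exists: pointing it at a different
# Role means deleting and recreating the RoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rdev-api
  namespace: rdev
  labels:
    app.kubernetes.io/name: rdev-api
    app.kubernetes.io/part-of: rdev
subjects:
  - kind: ServiceAccount
    name: rdev-api
    namespace: rdev
roleRef:
  kind: Role
  name: rdev-api
  apiGroup: rbac.authorization.k8s.io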