docs: initial docs for rbac

!2 #4

docs/projects/ansible/roles/kubernetes/firewall.md

@@ -1,5 +1,5 @@
 ---
-title: Firewall - nfc_kubernetes
+title: Firewall
 description: No Fuss Computings Ansible role nfc_kubernetes
 date: 2023-10-24
 template: project.html

docs/projects/ansible/roles/kubernetes/rbac.md

@@ -0,0 +1,37 @@
+---
+title: RBAC
+description: No Fuss Computings Ansible role nfc_kubernetes RBAC documentation.
+date: 2023-10-29
+template: project.html
+about: https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes
+---
+
+As part of this roles workflow, A set of Clester Roles and Cluster Bindings are deployed and ready to use. The intent of these roles is to create a default set of roles that only require the authorization system to provide the users groups. As they have been defined as Cluster Roles you can bind to both cluster and/or namespace.  
+A minimum access required princible has been adopted in the creation of these roles. With the roles designed to be for whom would access/use the cluster (An End user).
+
+!!! tip
+    All Deployed `ClusterRole` include a labels `authorization/description` and `authorization/target` explaining their intended purpose and where they a recommended for binding.
+
+
+Currently the following roles are deployed as part of this Anible role:
+
+- authorization:namespace:read
+
+    > Full read access to all objects except secrets
+
+- authorization:full
+
+    > Full read/write access to all objects including secrets
+
+- authorization:namespace:owner
+
+    > Full read/write access to all objects including secrets
+
+- authorization:cluster:view-metrics
+
+    > View node and pod metrics
+
+- **[ToDo-#6](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/6)** authorization:cluster:admin
+
+    > Configure the cluster with this not including anything that can be deployed.
+

mkdocs.yml

@@ -39,6 +39,8 @@ nav:
 
         - projects/ansible/roles/kubernetes/firewall.md
 
+        - projects/ansible/roles/kubernetes/rbac.md
+
 
 - Operations: 
 

templates/kubernetes-manifest-rbac.yaml.j2

@@ -13,7 +13,7 @@ metadata:
     app.kubernetes.io/part-of: nfc_kubernetes
     app.kubernetes.io/managed-by: ansible
     app.kubernetes.io/version: ''
-  name: authorization:common:full
+  name: authorization:full
 rules:
 - apiGroups:
     - "*"
@@ -37,7 +37,7 @@ metadata:
     app.kubernetes.io/part-of: nfc_kubernetes
     app.kubernetes.io/managed-by: ansible
     app.kubernetes.io/version: ''
-  name: authorization:common:namespace:read
+  name: authorization:namespace:read
 rules:
   - apiGroups: # Get Metrics
       - metrics.k8s.io
@@ -88,7 +88,7 @@ metadata:
     app.kubernetes.io/part-of: nfc_kubernetes
     app.kubernetes.io/managed-by: ansible
     app.kubernetes.io/version: ''
-  name: authorization:common:namespace:owner
+  name: authorization:namespace:owner
 rules:
   - apiGroups: # Read-only access to resrouces
       - "*"
@@ -122,7 +122,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: authorization:common:cluster:view-metrics
+  name: authorization:cluster:view-metrics
 rules:
 - apiGroups:
     - metrics.k8s.io
@@ -144,7 +144,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: authorization:common:namespace:read
+  name: authorization:namespace:read
 subjects:
 - kind: Group
   name: administrators
@@ -163,7 +163,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: authorization:common:cluster:view-metrics
+  name: authorization:cluster:view-metrics
 subjects:
   - apiGroup: rbac.authorization.k8s.io
     kind: Group