From a26cc8d77c473f2eac3903713e3ab8516f114ead Mon Sep 17 00:00:00 2001
From: Mayne0213 <bluemayne0213@icloud.com>
Date: Thu, 25 Dec 2025 01:21:10 +0900
Subject: [PATCH] FEAT(code-server): grant permissions

---
 code-server/deployment-patch.yaml | 37 -------------------------------
 code-server/kustomization.yaml    |  7 +-----
 code-server/rbac.yaml             | 13 +++++++++++
 3 files changed, 14 insertions(+), 43 deletions(-)
 delete mode 100644 code-server/deployment-patch.yaml
 create mode 100644 code-server/rbac.yaml

diff --git a/code-server/deployment-patch.yaml b/code-server/deployment-patch.yaml
deleted file mode 100644
index 1f30a99..0000000
--- a/code-server/deployment-patch.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: code-server
-spec:
-  template:
-    spec:
-      securityContext:
-        fsGroup: 0
-        runAsUser: 0
-      containers:
-      - name: code-server
-        securityContext:
-          privileged: true
-          runAsUser: 0
-        env:
-        - name: KUBECONFIG
-          value: "/etc/rancher/k3s/k3s.yaml"
-        - name: PATH
-          value: "/usr/local/bin:/usr/bin:/bin:/sbin"
-        volumeMounts:
-        - name: host-k3s-config
-          mountPath: /etc/rancher/k3s
-          readOnly: true
-        - name: host-usr-local-bin
-          mountPath: /usr/local/bin
-          readOnly: true
-      volumes:
-      - name: host-k3s-config
-        hostPath:
-          path: /etc/rancher/k3s
-          type: Directory
-      - name: host-usr-local-bin
-        hostPath:
-          path: /usr/local/bin
-          type: Directory
-
diff --git a/code-server/kustomization.yaml b/code-server/kustomization.yaml
index 42f8068..9792a4d 100644
--- a/code-server/kustomization.yaml
+++ b/code-server/kustomization.yaml
@@ -5,9 +5,4 @@ resources:
   # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
   # - argocd/code-server.yaml
   - vault/code-server-password.yaml
-
-patches:
-  - path: deployment-patch.yaml
-    target:
-      kind: Deployment
-      name: code-server
+  - rbac.yaml
diff --git a/code-server/rbac.yaml b/code-server/rbac.yaml
new file mode 100644
index 0000000..c2c8f2a
--- /dev/null
+++ b/code-server/rbac.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: code-server-cluster-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: code-server
+  namespace: dev-tools
+