FEAT(code-server): grant permissions

code-server/deployment-patch.yaml

@@ -1,37 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: code-server
-spec:
-  template:
-    spec:
-      securityContext:
-        fsGroup: 0
-        runAsUser: 0
-      containers:
-      - name: code-server
-        securityContext:
-          privileged: true
-          runAsUser: 0
-        env:
-        - name: KUBECONFIG
-          value: "/etc/rancher/k3s/k3s.yaml"
-        - name: PATH
-          value: "/usr/local/bin:/usr/bin:/bin:/sbin"
-        volumeMounts:
-        - name: host-k3s-config
-          mountPath: /etc/rancher/k3s
-          readOnly: true
-        - name: host-usr-local-bin
-          mountPath: /usr/local/bin
-          readOnly: true
-      volumes:
-      - name: host-k3s-config
-        hostPath:
-          path: /etc/rancher/k3s
-          type: Directory
-      - name: host-usr-local-bin
-        hostPath:
-          path: /usr/local/bin
-          type: Directory
-

code-server/kustomization.yaml

@@ -5,9 +5,4 @@ resources:
   # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
   # - argocd/code-server.yaml
   - vault/code-server-password.yaml
-
+  - rbac.yaml
-patches:
-  - path: deployment-patch.yaml
-    target:
-      kind: Deployment
-      name: code-server

code-server/rbac.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: code-server-cluster-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: code-server
+  namespace: dev-tools
+