feat: Add password confirmation for worker scaling + RBAC

- Add /api/auth/verify-password endpoint for re-authentication - Add PasswordConfirmModal component for sensitive actions - Worker scaling (+/-) now requires password confirmation - Add RBAC (ServiceAccount, Role, RoleBinding) for scraper pod - Scraper pod can now read/scale worker deployment via k8s API 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-11 09:16:27 -07:00
parent 2a9ae61dce
commit a880c41d89
6 changed files with 235 additions and 3 deletions
--- a/k8s/scraper-rbac.yaml
+++ b/k8s/scraper-rbac.yaml
@@ -0,0 +1,36 @@
+# RBAC configuration for scraper pod to control worker scaling
+# Allows the scraper to read and scale the scraper-worker deployment
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: scraper-sa
+  namespace: dispensary-scraper
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: worker-scaler
+  namespace: dispensary-scraper
+rules:
+  # Allow reading deployment status
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list"]
+  # Allow scaling deployments (read/write the scale subresource)
+  - apiGroups: ["apps"]
+    resources: ["deployments/scale"]
+    verbs: ["get", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: scraper-worker-scaler
+  namespace: dispensary-scraper
+subjects:
+  - kind: ServiceAccount
+    name: scraper-sa
+    namespace: dispensary-scraper
+roleRef:
+  kind: Role
+  name: worker-scaler
+  apiGroup: rbac.authorization.k8s.io
--- a/k8s/scraper.yaml
+++ b/k8s/scraper.yaml
@@ -25,6 +25,7 @@ spec:
      labels:
        app: scraper
    spec:
+      serviceAccountName: scraper-sa
      imagePullSecrets:
        - name: regcred
      containers: