vynil/domain-incoming
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2023-10-15 10:52:10 +02:00
parent e9ea7ee094
commit 5043ee0cda
2 changed files with 67 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
apps/okd/index.yaml
View File

@@ -6,6 +6,11 @@ metadata:
name: okd name: okd
description: null description: null
options: options:
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
namespaces: namespaces:
default: [] default: []
items: items:
@@ -16,36 +21,6 @@ options:
examples: examples:
- false - false
type: boolean type: boolean
ingress-class:
default: traefik
examples:
- traefik
type: string
app-group:
default: infra
examples:
- infra
type: string
domain:
default: your-company
examples:
- your-company
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub-domain:
default: okd
examples:
- okd
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
images: images:
default: default:
okd: okd:
@@ -89,6 +64,31 @@ options:
type: string type: string
type: object type: object
type: object type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub-domain:
default: okd
examples:
- okd
type: string
domain:
default: your-company
examples:
- your-company
type: string
app-group:
default: infra
examples:
- infra
type: string
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

38
apps/okd/rbac.tf
View File

@@ -12,7 +12,7 @@ resource "kubectl_manifest" "okd_sa" {
EOF EOF
} }
resource "kubectl_manifest" "okd_crb" { resource "kubectl_manifest" "okd_crb_admin" {
count = var.cluster-admin ? 1 : 0 count = var.cluster-admin ? 1 : 0
yaml_body = <<-EOF yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
@@ -66,3 +66,39 @@ resource "kubectl_manifest" "okd_role_bindings" {
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
EOF EOF
} }
resource "kubectl_manifest" "okd_clusterrole" {
count = length(local.sorted-namespaces)>0 ? 1 : 0
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "${var.namespace}-${var.component}-${var.instance}-list"
labels: ${jsonencode(local.common-labels)}
rules:
- apiGroups: [""]
resources: ["namespaces"]
resourceNames: ${jsonencode(local.sorted-namespaces)}
verbs: ["get", "list"]
EOF
}
resource "kubectl_manifest" "okd_clusterrole_bindings" {
count = length(local.sorted-namespaces)>0 ? 1 : 0
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "${var.namespace}-${var.component}-${var.instance}-list"
namespace: "${local.sorted-namespaces[count.index]}"
labels: ${jsonencode(local.common-labels)}
subjects:
- kind: ServiceAccount
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
roleRef:
kind: ClusterRole
name: "${var.namespace}-${var.component}-${var.instance}-list"
apiGroup: rbac.authorization.k8s.io
EOF
}