domain-incoming/monitor/pvc-autoresizer/autoresizer_rbac.tf

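# Identity the controller pod runs as. Both the ClusterRoleBinding and the
# RoleBinding in this file name this account as their subject, so its token
# carries every permission granted by the ClusterRole and the Role.
resource "kubectl_manifest" "ServiceAccount" {
  # Nesting under `metadata:` is restored, and the templated namespace is
  # quoted so that a value YAML would read as a number or boolean stays a
  # string.
  yaml_body = <<-EOF
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: "${var.instance}-${var.component}"
    namespace: "${var.namespace}"
    labels: ${jsonencode(local.common_labels)}
  EOF
}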
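# Cluster-scoped permissions for the controller. Every rule here applies in
# all namespaces once bound through a ClusterRoleBinding.
#
#   events                  create/get/list/watch
#   persistentvolumeclaims  get/list/patch/update/watch
#   storageclasses          read-only
#   deployments             create/get/list/watch/update
#   statefulsets            create/get/list/watch/update
#
# NOTE(review): `create` and `update` on apps/deployments and
# apps/statefulsets are workload-write rights in every namespace. A holder of
# this ServiceAccount token can define pods that run under any service account
# in the target namespace, which makes this role an escalation path well
# beyond PVC resizing. Confirm the controller needs these two rules; if it
# only reads the workloads, reduce them to get/list/watch, and if it writes to
# a known set of namespaces, move the write verbs into namespaced Roles.
resource "kubectl_manifest" "ClusterRole" {
  # Nesting of `metadata:` and of each rule's apiGroups/resources/verbs lists
  # is restored; without it the rules do not parse as a list of policy rules.
  yaml_body = <<-EOF
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: "${var.namespace}-${var.instance}-${var.component}"
    labels: ${jsonencode(local.common_labels)}
  rules:
    - apiGroups:
        - ''
      resources:
        - events
      verbs:
        - create
        - get
        - list
        - watch
    - apiGroups:
        - ''
      resources:
        - persistentvolumeclaims
      verbs:
        - get
        - list
        - patch
        - update
        - watch
    - apiGroups:
        - storage.k8s.io
      resources:
        - storageclasses
      verbs:
        - get
        - list
        - watch
    - apiGroups:
        - apps
      resources:
        - deployments
      verbs:
        - create
        - get
        - list
        - watch
        - update
    - apiGroups:
        - apps
      resources:
        - statefulsets
      verbs:
        - create
        - get
        - list
        - watch
        - update
  EOF
}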
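# Grants the ClusterRole to the controller's ServiceAccount in every
# namespace, including its write verbs on persistentvolumeclaims, deployments
# and statefulsets. The subject is a single ServiceAccount in var.namespace,
# so access to that namespace (pod creation, token requests) is equivalent to
# holding these cluster-wide rights.
resource "kubectl_manifest" "ClusterRoleBinding" {
  # roleRef and subject names come from the sibling resources, so the binding
  # always targets the objects this module created. Templated scalars are
  # quoted to keep them strings regardless of their content.
  yaml_body = <<-EOF
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: "${var.namespace}-${var.instance}-${var.component}"
    labels: ${jsonencode(local.common_labels)}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: "${kubectl_manifest.ClusterRole.name}"
  subjects:
    - kind: ServiceAccount
      name: "${kubectl_manifest.ServiceAccount.name}"
      namespace: "${var.namespace}"
  EOF
}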
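# Namespaced permissions, limited to var.namespace.
#
# The first rule lists two apiGroups and two resources together, so it grants
# the full verb set (including delete) on configmaps and on leases in this
# namespace. Presumably this backs leader election; confirm against the
# controller. No resourceNames restriction is set, so the verbs cover every
# ConfigMap in the namespace, not only the election lock.
# The second rule lets the controller create and patch events here.
resource "kubectl_manifest" "Role" {
  # Nesting of `metadata:` and of the rule lists is restored, and the
  # templated namespace is quoted so it is always parsed as a string.
  yaml_body = <<-EOF
  apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: "${var.instance}-${var.component}"
    namespace: "${var.namespace}"
    labels: ${jsonencode(local.common_labels)}
  rules:
    - apiGroups:
        - ''
        - coordination.k8s.io
      resources:
        - configmaps
        - leases
      verbs:
        - get
        - list
        - watch
        - create
        - update
        - patch
        - delete
    - apiGroups:
        - ''
      resources:
        - events
      verbs:
        - create
        - patch
  EOF
}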
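# Grants the namespaced Role to the controller's ServiceAccount. Both the
# binding and its subject live in var.namespace, so these permissions do not
# extend to other namespaces.
resource "kubectl_manifest" "RoleBinding" {
  # roleRef and subject names are taken from the sibling resources rather
  # than rebuilt from variables, so the binding cannot drift from the objects
  # it refers to. Templated scalars are quoted to keep them strings.
  yaml_body = <<-EOF
  apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: "${var.instance}-${var.component}"
    namespace: "${var.namespace}"
    labels: ${jsonencode(local.common_labels)}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: "${kubectl_manifest.Role.name}"
  subjects:
    - kind: ServiceAccount
      name: "${kubectl_manifest.ServiceAccount.name}"
      namespace: "${var.namespace}"
  EOF
}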