fix

apps/okd/rbac.tf

@@ -0,0 +1,68 @@
+locals {
+  sorted-namespaces = reverse(distinct(sort(var.namespaces)))
+}
+resource "kubectl_manifest" "okd_sa" {
+  yaml_body  = <<-EOF
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: "${var.component}-${var.instance}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+  EOF
+}
+
+resource "kubectl_manifest" "okd_crb" {
+  count = var.cluster-admin ? 1 : 0
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      name: "${var.namespace}-${var.component}-${var.instance}"
+      labels: ${jsonencode(local.common-labels)}
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: cluster-admin
+    subjects:
+    - kind: ServiceAccount
+      name: "${var.component}-${var.instance}"
+      namespace: "${var.namespace}"
+  EOF
+}
+
+resource "kubectl_manifest" "okd_roles" {
+  count = length(local.sorted-namespaces)
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      name: "${var.namespace}-${var.component}-${var.instance}"
+      namespace: "${local.sorted-namespaces[count.index]}"
+      labels: ${jsonencode(local.common-labels)}
+    rules:
+    - apiGroups: ["*"]
+      resources: ["*"]
+      verbs:  ["*"]
+  EOF
+}
+
+resource "kubectl_manifest" "okd_role_bindings" {
+  count = length(local.sorted-namespaces)
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: "${var.namespace}-${var.component}-${var.instance}"
+      namespace: "${local.sorted-namespaces[count.index]}"
+      labels: ${jsonencode(local.common-labels)}
+    subjects:
+    - kind: ServiceAccount
+      name: "${var.component}-${var.instance}"
+      namespace: "${var.namespace}"
+    roleRef:
+      kind: Role
+      name: "${var.namespace}-${var.component}-${var.instance}"
+      apiGroup: rbac.authorization.k8s.io
+  EOF
+}