fix

2024-05-09 12:15:27 +02:00
parent 89c17cb483
commit 599d175f82
31 changed files with 830 additions and 866 deletions
--- a/apps/okd/rbac.tf
+++ b/apps/okd/rbac.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "okd_sa" {
    apiVersion: v1
    kind: ServiceAccount
    metadata:
-      name: "${var.component}-${var.instance}"
+      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
  EOF
@@ -18,7 +18,7 @@ resource "kubectl_manifest" "okd_crb_admin" {
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
-      name: "${var.namespace}-${var.component}-${var.instance}"
+      name: "${var.namespace}-${var.instance}-${var.component}"
      labels: ${jsonencode(local.common-labels)}
    roleRef:
      apiGroup: rbac.authorization.k8s.io
@@ -26,7 +26,7 @@ resource "kubectl_manifest" "okd_crb_admin" {
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
-      name: "${var.component}-${var.instance}"
+      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
  EOF
 }
@@ -37,7 +37,7 @@ resource "kubectl_manifest" "okd_roles" {
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
-      name: "${var.namespace}-${var.component}-${var.instance}"
+      name: "${var.namespace}-${var.instance}-${var.component}"
      namespace: "${local.sorted-namespaces[count.index]}"
      labels: ${jsonencode(local.common-labels)}
    rules:
@@ -53,16 +53,16 @@ resource "kubectl_manifest" "okd_role_bindings" {
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
-      name: "${var.namespace}-${var.component}-${var.instance}"
+      name: "${var.namespace}-${var.instance}-${var.component}"
      namespace: "${local.sorted-namespaces[count.index]}"
      labels: ${jsonencode(local.common-labels)}
    subjects:
    - kind: ServiceAccount
-      name: "${var.component}-${var.instance}"
+      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
    roleRef:
      kind: Role
-      name: "${var.namespace}-${var.component}-${var.instance}"
+      name: "${var.namespace}-${var.instance}-${var.component}"
      apiGroup: rbac.authorization.k8s.io
  EOF
 }
@@ -73,7 +73,7 @@ resource "kubectl_manifest" "okd_clusterrole" {
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
-      name: "${var.namespace}-${var.component}-${var.instance}-list"
+      name: "${var.namespace}-${var.instance}-${var.component}-list"
      labels: ${jsonencode(local.common-labels)}
    rules:
    - apiGroups: [""]
@@ -92,16 +92,16 @@ resource "kubectl_manifest" "okd_clusterrole_bindings" {
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
-      name: "${var.namespace}-${var.component}-${var.instance}-list"
+      name: "${var.namespace}-${var.instance}-${var.component}-list"
      namespace: "${local.sorted-namespaces[count.index]}"
      labels: ${jsonencode(local.common-labels)}
    subjects:
    - kind: ServiceAccount
-      name: "${var.component}-${var.instance}"
+      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
    roleRef:
      kind: ClusterRole
-      name: "${var.namespace}-${var.component}-${var.instance}-list"
+      name: "${var.namespace}-${var.instance}-${var.component}-list"
      apiGroup: rbac.authorization.k8s.io
  EOF
 }