vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
284dc650c4a796149a8c873998e3472735a2a1ef
domain/apps/code-server/rbac.tf
Sébastien Huss 284dc650c4 first commit
2023-07-14 11:51:07 +02:00

79 lines
2.1 KiB
HCL
Raw Blame History

resource "kubectl_manifest" "sa" {
yaml_body = <<-EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
EOF
}
resource "kubectl_manifest" "role" {
count = var.admin.namespace?1:0
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ['*']
EOF
}
resource "kubectl_manifest" "rb" {
count = var.admin.namespace?1:0
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
namespace: "${var.namespace}"
name: "${var.component}-${var.instance}"
subjects:
- kind: ServiceAccount
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
EOF
}
resource "kubectl_manifest" "clusterrole" {
count = var.admin.cluster?1:0
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "${var.component}-${var.namespace}-${var.instance}"
labels: ${jsonencode(local.common-labels)}
rules:
- apiGroups: ['*']
resources: ['*']
verbs: ['*']
EOF
}
resource "kubectl_manifest" "crb" {
count = var.admin.cluster?1:0
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: "${var.component}-${var.namespace}-${var.instance}"
labels: ${jsonencode(local.common-labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "${var.component}-${var.namespace}-${var.instance}"
subjects:
- kind: ServiceAccount
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
EOF
}
Reference in New Issue View Git Blame Copy Permalink