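# ServiceAccount the authentik worker runs as. It is the single subject of
# both bindings in this file (ClusterRoleBinding "crb" and RoleBinding "rb"),
# so every permission granted here lands on this one identity.
resource "kubectl_manifest" "sa" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: authentik
      # Templated scalars are quoted so a value that happens to look like a
      # YAML boolean or number (a namespace named "no", for instance) is not
      # retyped by the YAML parser.
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.worker_all_labels)}
  EOF
}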
# Cluster-wide part of the worker's RBAC. CustomResourceDefinitions are
# cluster-scoped, so a namespaced Role cannot grant access to them; this
# ClusterRole is what actually lets the worker enumerate CRDs. It is
# deliberately minimal: a single resource, a single verb (list), no
# get/watch, and no wildcards.
resource "kubectl_manifest" "cr" {
  yaml_body = <<-EOF
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      # Prefixed with the namespace: ClusterRole names are global, so two
      # instances deployed in different namespaces must not collide.
      name: "${var.namespace}-${var.instance}-${var.component}"
      labels: ${jsonencode(local.worker_all_labels)}
    rules:
      - apiGroups:
          - apiextensions.k8s.io
        resources:
          - customresourcedefinitions
        verbs:
          - list
  EOF
}
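# Binds the CRD-listing ClusterRole to the authentik ServiceAccount. This is
# the only cluster-wide grant in this file; everything else is namespaced
# via the Role/RoleBinding below.
resource "kubectl_manifest" "crb" {
  yaml_body = <<-EOF
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      # Same name as the ClusterRole; that name already carries the namespace
      # prefix, so per-namespace instances do not clash cluster-wide.
      name: "${kubectl_manifest.cr.name}"
      labels: ${jsonencode(local.worker_all_labels)}
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: "${kubectl_manifest.cr.name}"
    subjects:
      # Templated scalars quoted so YAML never retypes a boolean/number-looking
      # value (e.g. a namespace named "no").
      - kind: ServiceAccount
        name: "${kubectl_manifest.sa.name}"
        namespace: "${var.namespace}"
  EOF
}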
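# Namespaced Role for the authentik worker. Every namespaced rule uses the
# same verb set (get/create/delete/list/patch -- no update, no watch, no
# wildcards), scoped to the deployment namespace only.
resource "kubectl_manifest" "role" {
  yaml_body = <<-EOF
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: "${var.instance}-${var.component}"
      # Quoted so a boolean/number-looking namespace is not retyped by YAML.
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.worker_all_labels)}
    rules:
      # NOTE(review): "list" on secrets returns the *contents* of every Secret
      # in the namespace, not only the ones authentik creates. This is only
      # acceptable when the namespace is dedicated to authentik; do not deploy
      # this Role into a namespace shared with unrelated workloads.
      - apiGroups:
          - ''
        resources:
          - secrets
          - services
          - configmaps
        verbs:
          - get
          - create
          - delete
          - list
          - patch
      # "extensions" is the legacy API group for deployments (removed in
      # Kubernetes 1.22). A rule naming an API group the cluster does not
      # serve grants nothing, so keeping it is harmless on current clusters.
      - apiGroups:
          - extensions
          - apps
        resources:
          - deployments
        verbs:
          - get
          - create
          - delete
          - list
          - patch
      # Same story for ingresses: "extensions" is legacy, networking.k8s.io is
      # the current group.
      - apiGroups:
          - extensions
          - networking.k8s.io
        resources:
          - ingresses
        verbs:
          - get
          - create
          - delete
          - list
          - patch
      # Both the legacy (traefik.containo.us) and current (traefik.io) Traefik
      # CRD groups, so the worker can manage Middlewares on either version.
      - apiGroups:
          - traefik.containo.us
          - traefik.io
        resources:
          - middlewares
        verbs:
          - get
          - create
          - delete
          - list
          - patch
      - apiGroups:
          - monitoring.coreos.com
        resources:
          - servicemonitors
        verbs:
          - get
          - create
          - delete
          - list
          - patch
      # CRDs are cluster-scoped, so this rule in a namespaced Role is
      # ineffective on its own; the working grant is the ClusterRole in
      # resource "cr". Kept here as-is -- it is harmless.
      - apiGroups:
          - apiextensions.k8s.io
        resources:
          - customresourcedefinitions
        verbs:
          - list
  EOF
}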
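# Binds the namespaced Role to the authentik ServiceAccount in the same
# namespace. Because it is a RoleBinding (not a ClusterRoleBinding), the
# Role's permissions apply only inside var.namespace.
resource "kubectl_manifest" "rb" {
  yaml_body = <<-EOF
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: "${kubectl_manifest.role.name}"
      # Templated scalars quoted so YAML never retypes a boolean/number-looking
      # value (e.g. a namespace named "no").
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.worker_all_labels)}
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: "${kubectl_manifest.role.name}"
    subjects:
      - kind: ServiceAccount
        name: "${kubectl_manifest.sa.name}"
        namespace: "${var.namespace}"
  EOF
}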