terraform-lawndale-k8s/ci.tf
Tamas Kiss 29065a4df8
perm: give more permission to CI clusterrole
2022-05-27 11:43:06 +02:00


resource "kubernetes_service_account" "terraform_ci_cd" {
  # Identity the Terraform CI/CD pipeline authenticates as. It lives in
  # kube-system and is bound cluster-wide (see the ClusterRoleBinding), so its
  # token is as sensitive as the whole ci-cd ClusterRole.
  #
  # Pods scheduled with this service account do not get the token mounted;
  # the pipeline obtains its credential some other way (not shown in this file).
  automount_service_account_token = false

  metadata {
    name      = "terraform-ci-cd"
    namespace = "kube-system"
  }
}
resource "kubernetes_cluster_role_binding" "terraform_ci_is_a_ci" {
  # Binds the CI service account to the ci-cd ClusterRole. Because this is a
  # ClusterRoleBinding (not a RoleBinding), the role applies in every
  # namespace, kube-system included, not only the one the subject lives in.
  metadata {
    name = "terraform-ci-cd-is-a-ci-cd"
  }

  # The single subject: the terraform-ci-cd service account declared above.
  subject {
    kind      = "ServiceAccount"
    namespace = kubernetes_service_account.terraform_ci_cd.metadata[0].namespace
    name      = kubernetes_service_account.terraform_ci_cd.metadata[0].name
  }

  # The role being granted; its rules are defined in kubernetes_cluster_role.ci_cd.
  role_ref {
    kind      = "ClusterRole"
    api_group = "rbac.authorization.k8s.io"
    name      = kubernetes_cluster_role.ci_cd.metadata[0].name
  }
}
resource "kubernetes_cluster_role" "ci_cd" {
  # Permissions granted to the Terraform CI/CD service account, cluster-wide.
  # Every rule carries the same full mutating verb set. Rule order and the
  # order of entries inside each resources list are kept exactly as before,
  # because the provider diffs them positionally and a reorder would show up
  # as an in-place update in the plan.
  #
  # NOTE(review): taken together these rules are close to cluster-admin in
  # effect: get/list on "secrets" reads every Secret in every namespace, and
  # create on "pods" together with "serviceaccounts" lets workloads run under
  # any existing service account. cluster-admin itself is not bound, but a
  # leaked CI token has cluster-wide blast radius; API-server audit logs for
  # this subject are the place to watch for misuse.
  metadata {
    name = "ci-cd"
  }

  # Core API group. "namespaces" and "persistentvolumes" are cluster-scoped,
  # which is one reason this has to be a ClusterRole rather than a Role.
  rule {
    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
    api_groups = [""]
    resources = [
      "configmaps",
      "persistentvolumes",
      "persistentvolumeclaims",
      "pods",
      "namespaces",
      "secrets", # NOTE(review): cluster-wide read/write of all Secrets
      "serviceaccounts",
      "services",
    ]
  }

  # Workload controllers managed by the Helm releases the pipeline deploys.
  rule {
    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
    api_groups = ["apps"]
    resources = [
      "deployments",
      "replicasets", # needed for 'helm upgrade --wait'
    ]
  }

  rule {
    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
    api_groups = ["autoscaling"]
    resources  = ["horizontalpodautoscalers"]
  }

  rule {
    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
    api_groups = ["networking.k8s.io"]
    resources  = ["ingresses", "networkpolicies"]
  }

  # CRDs are cluster-scoped: changes here affect every namespace and tenant.
  rule {
    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
    api_groups = ["apiextensions.k8s.io"]
    resources  = ["customresourcedefinitions"]
  }

  # RBAC objects. The API server's escalation-prevention check still applies:
  # without the "bind" or "escalate" verbs (not granted here) this subject can
  # only create or bind roles whose permissions it already holds itself.
  rule {
    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
    api_groups = ["rbac.authorization.k8s.io"]
    resources = [
      "clusterrolebindings",
      "clusterroles",
      "rolebindings",
      "roles",
    ]
  }

  # PodSecurityPolicy. The API was removed in Kubernetes 1.25, so on newer
  # clusters this rule grants nothing and can eventually be dropped.
  rule {
    verbs      = ["create", "delete", "get", "list", "patch", "update", "watch"]
    api_groups = ["policy"]
    resources  = ["podsecuritypolicies"]
  }
}