thomasklein/terraform-lawndale-k8s
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
d92935b63af9c9050023f80b9f6f4a5b5305a1f9
terraform-lawndale-k8s/ci.tf

119 lines
2.0 KiB
HCL
Raw Blame History

resource "kubernetes_service_account" "terraform_ci_cd" {
metadata {
namespace = "kube-system"
name = "terraform-ci-cd"
}
automount_service_account_token = false
}
resource "kubernetes_cluster_role_binding" "terraform_ci_is_a_ci" {
metadata {
name = "terraform-ci-cd-is-a-ci-cd"
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = kubernetes_cluster_role.ci_cd.metadata.0.name
}
subject {
kind = "ServiceAccount"
name = kubernetes_service_account.terraform_ci_cd.metadata.0.name
namespace = kubernetes_service_account.terraform_ci_cd.metadata.0.namespace
}
}
resource "kubernetes_cluster_role" "ci_cd" {
metadata {
name = "ci-cd"
}
rule {
api_groups = [""]
resources = [
"configmaps",
"persistentvolumes",
"persistentvolumeclaims",
"pods",
"namespaces",
"secrets",
"services",
]
verbs = [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch",
]
}
rule {
api_groups = ["apps"]
resources = [
"deployments",
"replicasets", # needed for 'helm upgrade --wait'
]
verbs = [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch",
]
}
rule {
api_groups = ["autoscaling"]
resources = [
"horizontalpodautoscalers"
]
verbs = [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch",
]
}
rule {
api_groups = ["networking.k8s.io"]
resources = [
"ingresses",
]
verbs = [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch",
]
}
rule {
api_groups = ["networking.k8s.io"]
resources = [
"networkpolicies"
]
verbs = [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch",
]
}
}
Reference in New Issue View Git Blame Copy Permalink