init: copied modules from lawndale-infra

2022-05-26 00:40:29 +02:00
commit 414feb48ee
39 changed files with 1435 additions and 0 deletions
--- a/kubernetes/flannel/rbac.tf
+++ b/kubernetes/flannel/rbac.tf
@@ -0,0 +1,52 @@
+
+resource "kubernetes_cluster_role" "this" {
+  count = var.create_cluster_role ? 1 : 0
+
+  metadata {
+    name = var.cluster_role_name
+  }
+  rule {
+    api_groups     = ["extensions"]
+    resources      = ["podsecuritypolicies"]
+    verbs          = ["use"]
+    resource_names = [kubernetes_pod_security_policy.this.metadata.0.name]
+  }
+  rule {
+    api_groups = [""]
+    resources  = ["pods"]
+    verbs      = ["get"]
+  }
+  rule {
+    api_groups = [""]
+    resources  = ["nodes"]
+    verbs      = ["list", "watch"]
+  }
+  rule {
+    api_groups = [""]
+    resources  = ["nodes/status"]
+    verbs      = ["patch"]
+  }
+}
+
+resource "kubernetes_service_account" "this" {
+  metadata {
+    name      = "flannel"
+    namespace = var.namespace
+  }
+}
+
+resource "kubernetes_cluster_role_binding" "this" {
+  metadata {
+    name = "flannel"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = var.cluster_role_name
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = kubernetes_service_account.this.metadata.0.name
+    namespace = kubernetes_service_account.this.metadata.0.namespace
+  }
+}