terraform-kubernetes-x509-auth-manager

Create kubeconfig files and delegate access to clusters using x509 authentication.

Example

Here's what using the module will look like

module "example" {
  source  = "rhythmictech/x509-auth-manager/kubernetes
  version = "v1.0.0

  cluster_ca_certificate = "L0NGh@sH"
  cluster_name           = "rhythmic-canary-cluster"
  host                   = "https://rhythmic-canary-cluster.hcp.eastus.azmk8s.io:443"
  name                   = "ultraspice"
  namespace              = "the_test_spice"
  namespace_admins = [
    "spice",
    "melange",
    "pierre",
    "thespice"
  ]
}

About

This code started as a one-off usecase we had at @rhythmic where we needed to delegate access to an old AKS cluster. It was interesting enough to get turned into a blog post/terraform module! You can check it out here: rhythmictech.com/blog/generating-new-kubernetes-users-with-terraform/

Requirements

Name	Version
terraform	>= 0.12.0
kubernetes	~> 1.11.0
local	~> 1.4
tls	~> 2.1

Providers

Name	Version
kubernetes	~> 1.11.0
local	~> 1.4
tls	~> 2.1

Inputs

Name	Description	Type	Default	Required
cluster_ca_certificate	PEM-encoded root certificates bundle for TLS authentication.	`string`	n/a	yes
cluster_name	Name of the K8s cluster	`string`	n/a	yes
host	The hostname (in form of URI) of Kubernetes master.	`string`	n/a	yes
name	Moniker to apply to all resources in the module	`string`	n/a	yes
namespace	Kubernetes namespace to populate	`string`	n/a	yes
kubeconfig_file_name	Path to kubeconfig file used to request CSR approval	`string`	`"~/.kube/config"`	no
labels	User-Defined labels for k8s resources	`map(string)`	`{}`	no
namespace_admins	Names of the Users who will have access kubernetes cluster/namespace	`list(string)`	`[]`	no
namespace_admins_rule	APIGroups, resources, and verbs that define the namespace admin access	object({ api_groups = list(string) resources = list(string) verbs = list(string) })	{ "api_groups": [ "" ], "resources": [ "" ], "verbs": [ "" ] }	no

Outputs

Name	Description
kubernetes_role	The role applied to these users
namespace	Kubernetes namespace
user_kubeconfigs	User Kubeconfig yaml files

The Giants underneath this module

pre-commit.com/
terraform.io/
github.com/tfutils/tfenv
github.com/segmentio/terraform-docs

About

Create Namespace Admins in Kubernetes

https://registry.terraform.io/modules/rhythmictech/namespace-admins/kubernetes

MIT License

Languages

Language:HCL 84.6%Language:Smarty 8.6%Language:Shell 6.9%