Terraform Kubernetes RBAC Module
Terraform module that creates a Kubernetes Service Account with RBAC authorization.
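# Example usage: per the module description, this creates a Kubernetes
# ServiceAccount with RBAC authorization. Here it is given one cluster_role
# (cluster-wide rules) and two roles (namespaced rules).
module "rbac_example" {
  source = "../"
  name   = "rbac-example"

  # Cluster-wide rules. Every verb in this block is read-only
  # (get/list/watch), but the scope is all namespaces, so review each
  # resource against what the workload actually needs.
  cluster_role = {
    rules = [
      {
        # Core API group. "secrets" is not in this list; keep it out unless
        # the workload truly needs cluster-wide Secret reads. Note that
        # ConfigMaps in every namespace are readable with this rule.
        # Spelling fixed: "peristentvolumes" matches no resource, so
        # PersistentVolume reads were never granted.
        api_groups = [""]
        resources  = ["nodes", "namespaces", "events", "pods", "services", "configmaps", "serviceaccounts", "persistentvolumes", "persistentvolumeclaims"]
        verbs      = ["get", "list", "watch"]
      },
      {
        # Legacy group: ReplicaSets stopped being served from "extensions"
        # in Kubernetes v1.16; the "apps" rule below covers current clusters.
        api_groups = ["extensions"]
        resources  = ["replicasets"]
        verbs      = ["get", "list", "watch"]
      },
      {
        api_groups = ["apps"]
        resources  = ["statefulsets", "deployments", "replicasets", "daemonsets"]
        verbs      = ["get", "list", "watch"]
      },
      {
        # Subresource grant: only "get" on nodes/stats, nothing else on nodes
        # beyond the read-only rule above.
        api_groups = [""]
        resources  = ["nodes/stats"]
        verbs      = ["get"]
      },
      {
        api_groups = ["batch"]
        resources  = ["jobs", "cronjobs"]
        verbs      = ["get", "list", "watch"]
      },
      {
        # Non-resource URL: allows GET on the API server's /metrics endpoint.
        non_resource_urls = ["/metrics"]
        verbs             = ["get"]
      },
      {
        # Read access to RBAC objects lets this account see who holds which
        # permissions cluster-wide; grant it only if the workload needs it.
        api_groups = ["rbac.authorization.k8s.io"]
        resources  = ["clusterrolebindings", "clusterroles", "rolebindings", "roles"]
        verbs      = ["get", "list", "watch"]
      },
      {
        # PodSecurityPolicy was removed in Kubernetes v1.25; on newer
        # clusters this rule matches nothing.
        api_groups = ["policy"]
        resources  = ["podsecuritypolicies"]
        verbs      = ["get", "list", "watch"]
      }
    ]
  }

  # Namespaced rules. These are the least-privilege part of the example:
  # narrow resources, and resource_names where a single object is enough.
  roles = [
    {
      name = "kubeadm-config" # The name will be rbac-example-kubeadm-config
      rules = [
        {
          # Pinned to one ConfigMap by name, read-only.
          api_groups     = [""]
          resources      = ["configmaps"]
          resource_names = ["kubeadm-config"]
          verbs          = ["get"]
        },
      ]
    },
    {
      # NOTE(review): with an empty name the resulting Role name is not
      # "rbac-example-kubeadm-config" as the original comment said;
      # presumably it is just "rbac-example" - confirm against the module.
      name = ""
      rules = [
        {
          # No resource_names: applies to every Lease in the namespace.
          # If the workload uses one known Lease, scope get/update to it
          # (Kubernetes cannot restrict "create" by resource name).
          api_groups = ["coordination.k8s.io"]
          resources  = ["leases"]
          verbs      = ["get", "create", "update"]
        },
      ]
    }
  ]
}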
No modules.
Name |
Description |
Type |
Default |
Required |
cluster_role |
Configuration for the Cluster Role |
object({ rules = set(map(list(string))) }) |
n/a |
yes |
labels |
Labels appended to created resources |
map(string) |
{} |
no |
name |
Name used to create resources |
string |
n/a |
yes |
namespace |
Namespace where resources will be created |
string |
"default" |
no |
roles |
Configuration for the Roles |
list(object({ name = string rules = set(map(list(string))) })) |
n/a |
yes |