

Grant cluster wide crd access to deploy roles
OlamideOl1 committed Oct 24, 2024
1 parent 8b85174 commit 7166af6
Showing 1 changed file with 33 additions and 2 deletions.
35 changes: 33 additions & 2 deletions aws/deploy-role-bindings/main.tf
@@ -1,9 +1,8 @@
resource "kubernetes_role_binding" "cluster" {
resource "kubernetes_cluster_role_binding" "cluster" {
for_each = toset(var.cluster_roles)

metadata {
name = var.name
namespace = var.namespace
}

role_ref {
@@ -19,6 +18,38 @@ resource "kubernetes_role_binding" "cluster" {
}
}

resource "kubernetes_cluster_role" "cluster_crd" {
metadata {
name = "${var.name}-cluster-crd"
}

rule {
api_groups = ["apiextensions.k8s.io"]
resources = ["customresourcedefinitions"]
verbs = ["get", "list"]
}
}

resource "kubernetes_cluster_role_binding" "cluster_crd" {
metadata {
name = "${var.name}-cluster-crd"
}

role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "${var.name}-cluster-crd"
}

subject {
kind = "Group"
name = var.group
api_group = "rbac.authorization.k8s.io"
}

depends_on = [ kubernetes_cluster_role.cluster_crd ]
}

resource "kubernetes_role_binding" "crd" {
metadata {
name = kubernetes_role.deploy_crd.metadata[0].name
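Review bot: The first hunk appears to turn the `"cluster"` binding from `kubernetes_role_binding` into `kubernetes_cluster_role_binding` and drop `namespace = var.namespace`, which would bind every entry of `var.cluster_roles` across the whole cluster rather than inside one namespace — far broader than the CRD read access the commit title describes. That binding's `role_ref` and subject are collapsed out of view, so the affected roles are inferred from `for_each = toset(var.cluster_roles)`; if any of them carries write or secret-read verbs, the deploy group would hold them in every namespace. The new `cluster_crd` role (`get`/`list` on `customresourcedefinitions`) already covers the stated need, so consider keeping `resource "kubernetes_role_binding" "cluster" {` with `namespace = var.namespace`, or documenting next to the resource why cluster-wide scope is required. In the new `cluster_crd` binding, `name = kubernetes_cluster_role.cluster_crd.metadata[0].name` in `role_ref` would create the dependency implicitly, in the same reference style the `crd` binding below uses for its name, and make the explicit `depends_on` unnecessary.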
