{"id":19508859,"url":"https://github.com/rhythmictech/terraform-kubernetes-x509-auth-manager","last_synced_at":"2025-10-19T07:34:41.853Z","repository":{"id":51668931,"uuid":"267362907","full_name":"rhythmictech/terraform-kubernetes-x509-auth-manager","owner":"rhythmictech","description":"Create Namespace Admins in Kubernetes","archived":false,"fork":false,"pushed_at":"2021-05-10T19:50:04.000Z","size":17,"stargazers_count":5,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-04T07:11:19.795Z","etag":null,"topics":["authentication","kubernetes","namespace","namespace-admins","terraform","terraform-module","x509"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/rhythmictech/namespace-admins/kubernetes","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhythmictech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-27T15:53:42.000Z","updated_at":"2022-08-18T07:37:58.000Z","dependencies_parsed_at":"2022-08-22T21:21:09.846Z","dependency_job_id":null,"html_url":"https://github.com/rhythmictech/terraform-kubernetes-x509-auth-manager","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":"rhythmictech/terraform-terraform-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-kubernetes-x509-auth-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-kubernetes-x509-auth-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-kubernetes-x509-auth-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-kubernetes-x509-auth-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhythmictech","download_url":"https://codeload.github.com/rhythmictech/terraform-kubernetes-x509-auth-manager/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250926816,"owners_count":21509041,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","kubernetes","namespace","namespace-admins","terraform","terraform-module","x509"],"created_at":"2024-11-10T23:10:08.041Z","updated_at":"2025-10-19T07:34:36.822Z","avatar_url":"https://github.com/rhythmictech.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-kubernetes-x509-auth-manager [![](https://github.com/rhythmictech/terraform-kubernetes-x509-auth-manager/workflows/pre-commit-check/badge.svg)](https://github.com/rhythmictech/terraform-kubernetes-x509-auth-manager/actions) \u003ca href=\"https://twitter.com/intent/follow?screen_name=RhythmicTech\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/RhythmicTech?style=social\u0026logo=RhythmicTech\" alt=\"follow on Twitter\"\u003e\u003c/a\u003e\nCreate kubeconfig files and delegate access to clusters using x509 authentication.\n\n## Example\nHere's what using the module will look like\n```hcl\nmodule \"example\" {\n  source  = \"rhythmictech/x509-auth-manager/kubernetes\n  version = \"v1.0.0\n\n  cluster_ca_certificate = \"L0NGh@sH\"\n  cluster_name           = \"rhythmic-canary-cluster\"\n  host                   = \"https://rhythmic-canary-cluster.hcp.eastus.azmk8s.io:443\"\n  name                   = \"ultraspice\"\n  namespace              = \"the_test_spice\"\n  namespace_admins = [\n    \"spice\",\n    \"melange\",\n    \"pierre\",\n    \"thespice\"\n  ]\n}\n```\n\n## About\nThis code started as a one-off usecase we had at @rhythmic where we needed to delegate access to an old AKS cluster. It was interesting enough to get turned into a blog post/terraform module! You can check it out here: [rhythmictech.com/blog/generating-new-kubernetes-users-with-terraform/](https://www.rhythmictech.com/blog/generating-new-kubernetes-users-with-terraform/)\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| terraform | \u003e= 0.12.0 |\n| kubernetes | ~\u003e 1.11.0 |\n| local | ~\u003e 1.4 |\n| tls | ~\u003e 2.1 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| kubernetes | ~\u003e 1.11.0 |\n| local | ~\u003e 1.4 |\n| tls | ~\u003e 2.1 |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| cluster\\_ca\\_certificate | PEM-encoded root certificates bundle for TLS authentication. | `string` | n/a | yes |\n| cluster\\_name | Name of the K8s cluster | `string` | n/a | yes |\n| host | The hostname (in form of URI) of Kubernetes master. | `string` | n/a | yes |\n| name | Moniker to apply to all resources in the module | `string` | n/a | yes |\n| namespace | Kubernetes namespace to populate | `string` | n/a | yes |\n| kubeconfig\\_file\\_name | Path to kubeconfig file used to request CSR approval | `string` | `\"~/.kube/config\"` | no |\n| labels | User-Defined labels for k8s resources | `map(string)` | `{}` | no |\n| namespace\\_admins | Names of the Users who will have access kubernetes cluster/namespace | `list(string)` | `[]` | no |\n| namespace\\_admins\\_rule | APIGroups, resources, and verbs that define the namespace admin access | \u003cpre\u003eobject({\u003cbr\u003e    api_groups = list(string)\u003cbr\u003e    resources  = list(string)\u003cbr\u003e    verbs      = list(string)\u003cbr\u003e  })\u003c/pre\u003e | \u003cpre\u003e{\u003cbr\u003e  \"api_groups\": [\u003cbr\u003e    \"\"\u003cbr\u003e  ],\u003cbr\u003e  \"resources\": [\u003cbr\u003e    \"*\"\u003cbr\u003e  ],\u003cbr\u003e  \"verbs\": [\u003cbr\u003e    \"*\"\u003cbr\u003e  ]\u003cbr\u003e}\u003c/pre\u003e | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| kubernetes\\_role | The role applied to these users |\n| namespace | Kubernetes namespace |\n| user\\_kubeconfigs | User Kubeconfig yaml files |\n\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## The Giants underneath this module\n- pre-commit.com/\n- terraform.io/\n- github.com/tfutils/tfenv\n- github.com/segmentio/terraform-docs\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-kubernetes-x509-auth-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhythmictech%2Fterraform-kubernetes-x509-auth-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-kubernetes-x509-auth-manager/lists"}