https://github.com/rhythmictech/terraform-kubernetes-x509-auth-manager
Create Namespace Admins in Kubernetes
- Host: GitHub
- URL: https://github.com/rhythmictech/terraform-kubernetes-x509-auth-manager
- Owner: rhythmictech
- License: mit
- Created: 2020-05-27T15:53:42.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2021-05-10T19:50:04.000Z (about 5 years ago)
- Last Synced: 2025-04-04T07:11:19.795Z (about 1 year ago)
- Topics: authentication, kubernetes, namespace, namespace-admins, terraform, terraform-module, x509
- Language: HCL
- Homepage: https://registry.terraform.io/modules/rhythmictech/namespace-admins/kubernetes
- Size: 16.6 KB
- Stars: 5
- Watchers: 2
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# terraform-kubernetes-x509-auth-manager
Create kubeconfig files and delegate access to clusters using x509 authentication.
## Example
Here's what using the module will look like:
```hcl
module "example" {
  source  = "rhythmictech/x509-auth-manager/kubernetes"
  version = "v1.0.0"

  # PEM-encoded cluster CA bundle (placeholder value)
  cluster_ca_certificate = "L0NGh@sH"
  cluster_name           = "rhythmic-canary-cluster"
  host                   = "https://rhythmic-canary-cluster.hcp.eastus.azmk8s.io:443"
  name                   = "ultraspice"
  namespace              = "the_test_spice"

  # Users who receive a kubeconfig and the namespace admin role
  namespace_admins = [
    "spice",
    "melange",
    "pierre",
    "thespice"
  ]
}
```
## About
This code started as a one-off use case we had at @rhythmic where we needed to delegate access to an old AKS cluster. It was interesting enough to get turned into a blog post and Terraform module! You can check it out here: [rhythmictech.com/blog/generating-new-kubernetes-users-with-terraform/](https://www.rhythmictech.com/blog/generating-new-kubernetes-users-with-terraform/)
## Requirements
| Name | Version |
|------|---------|
| terraform | >= 0.12.0 |
| kubernetes | ~> 1.11.0 |
| local | ~> 1.4 |
| tls | ~> 2.1 |
## Providers
| Name | Version |
|------|---------|
| kubernetes | ~> 1.11.0 |
| local | ~> 1.4 |
| tls | ~> 2.1 |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cluster\_ca\_certificate | PEM-encoded root certificates bundle for TLS authentication. | `string` | n/a | yes |
| cluster\_name | Name of the K8s cluster | `string` | n/a | yes |
| host | The hostname (in form of URI) of Kubernetes master. | `string` | n/a | yes |
| name | Moniker to apply to all resources in the module | `string` | n/a | yes |
| namespace | Kubernetes namespace to populate | `string` | n/a | yes |
| kubeconfig\_file\_name | Path to kubeconfig file used to request CSR approval | `string` | `"~/.kube/config"` | no |
| labels | User-Defined labels for k8s resources | `map(string)` | `{}` | no |
| namespace\_admins | Names of the users who will have access to the Kubernetes cluster/namespace | `list(string)` | `[]` | no |
| namespace\_admins\_rule | APIGroups, resources, and verbs that define the namespace admin access | `object({ api_groups = list(string), resources = list(string), verbs = list(string) })` | `{ "api_groups": [""], "resources": ["*"], "verbs": ["*"] }` | no |
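
The default `namespace_admins_rule` allows every verb on every resource in the core API group (`""`), which includes Secrets. The following is an added example, not taken from the module's README, of overriding it with a narrower read-only rule; the module label, user names, namespace, host and the CA file path are constructed placeholders.

```hcl
# Added example: all values below are constructed placeholders.
module "readonly_reviewers" {
  source  = "rhythmictech/x509-auth-manager/kubernetes"
  version = "v1.0.0"

  # Assumed local path to the cluster's PEM-encoded CA bundle
  cluster_ca_certificate = file("${path.module}/cluster-ca.pem")
  cluster_name           = "example-cluster"
  host                   = "https://example-cluster.example.invalid:443"
  name                   = "reviewers"
  namespace              = "team-a"
  namespace_admins       = ["alice", "bob"]

  # Module default for comparison (from the Inputs table):
  #   api_groups = [""], resources = ["*"], verbs = ["*"]
  # The override below keeps the same object shape but names the
  # resources and limits the verbs to read operations, so Secrets
  # and write access are no longer covered.
  namespace_admins_rule = {
    api_groups = [""]
    resources  = ["pods", "pods/log", "services", "configmaps"]
    verbs      = ["get", "list", "watch"]
  }
}
```

After applying, `kubectl auth can-i --list --namespace team-a` run with one of the generated kubeconfigs shows the permissions that user actually holds.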
## Outputs
| Name | Description |
|------|-------------|
| kubernetes\_role | The role applied to these users |
| namespace | Kubernetes namespace |
| user\_kubeconfigs | User Kubeconfig yaml files |
## The Giants underneath this module
- pre-commit.com/
- terraform.io/
- github.com/tfutils/tfenv
- github.com/segmentio/terraform-docs