https://github.com/sparkfabrik/terraform-kubernetes-cluster-access

This module creates ClusterRole and RoleBinding in the specified namespace for developer and admin levels

developer-experience iac infrastructure-as-code kubernetes rbac terraform terraform-module

# Cluster access

## Roles description

This module creates `ClusterRole` and `RoleBinding` in the specified namespace with two access levels:

1. `developer_groups` is a list of groups that will have access as simple readers to the specified namespaces; they can only get the current deployed resources, read pod logs and exec commands inside the pods.
2. `admin_groups` is a list of groups that will have access as admin to the specified namespace; they can do anything on the current deployed resources.

If `enable_nodes_info_and_metrics_for_developers` and/or `enable_nodes_info_and_metrics_for_admins` are enabled, the `developer_groups` and/or `admin_groups` get read access to the `nodes` resources, so they can retrieve information and metrics about them.

If `enable_namespaces_info_for_developers` and/or `enable_namespaces_info_for_admins` are enabled, the `developer_groups` and/or `admin_groups` get read access to the `namespaces` resources, so they can list them and retrieve information about them.

## Providers

| Name | Version |
|------|---------|
| [kubernetes](#provider\_kubernetes) | >= 2.23 |

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.23 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [admin\_groups](#input\_admin\_groups) | The list of groups to grant admin access to | `list(string)` | `[]` | no |
| [developer\_groups](#input\_developer\_groups) | The list of groups to grant developer access to | `list(string)` | `[]` | no |
| [enable\_namespaces\_info\_for\_admins](#input\_enable\_namespaces\_info\_for\_admins) | Whether to enable the namespaces information for admin groups. This requires creating a ClusterRole and a ClusterRoleBinding | `bool` | `false` | no |
| [enable\_namespaces\_info\_for\_developers](#input\_enable\_namespaces\_info\_for\_developers) | Whether to enable the namespaces information for developer groups. This requires creating a ClusterRole and a ClusterRoleBinding | `bool` | `false` | no |
| [enable\_nodes\_info\_and\_metrics\_for\_admins](#input\_enable\_nodes\_info\_and\_metrics\_for\_admins) | Whether to enable the nodes information and metrics for admin groups. This requires creating a ClusterRole and a ClusterRoleBinding | `bool` | `true` | no |
| [enable\_nodes\_info\_and\_metrics\_for\_developers](#input\_enable\_nodes\_info\_and\_metrics\_for\_developers) | Whether to enable the nodes information and metrics for developer groups. This requires creating a ClusterRole and a ClusterRoleBinding | `bool` | `true` | no |
| [k8s\_labels](#input\_k8s\_labels) | The labels to apply to the Kubernetes resources | `map(string)` | `{ "scope": "cluster-access" }` | no |
| [namespaces](#input\_namespaces) | The list of namespaces to grant access to | `list(string)` | n/a | yes |
| [rbac\_name\_prefix](#input\_rbac\_name\_prefix) | The prefix to use for the RBAC resources | `string` | `"custom:cluster-access"` | no |
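
A module call using the inputs listed above, as an added example that is not part of the module's README. The module label, group names, namespaces and the `owner` label are placeholders, and the Kubernetes provider is assumed to be configured in the root module. It turns off the node information grant for developers, because that input defaults to `true` and creates a cluster-scoped binding.

```hcl
# Added example, not from the module's README.
# Group names, namespaces and the "owner" label are placeholders.
# The kubernetes provider (>= 2.23) is assumed to be configured elsewhere.
module "cluster_access" {
  # Source taken from the repository URL on this page. Pin it to a release
  # by appending ?ref=<tag> (placeholder, no tag is listed on this page).
  source = "github.com/sparkfabrik/terraform-kubernetes-cluster-access"

  # Required input: namespaces in which the RoleBindings are created.
  namespaces = ["app-staging", "app-production"]

  # Group names exactly as the cluster's authenticator presents them.
  developer_groups = ["example-developers"]
  admin_groups     = ["example-platform-admins"]

  # Both node flags default to true and each creates a ClusterRole plus a
  # ClusterRoleBinding, which is a cluster-wide grant. Disable it for
  # developers who only need namespace-scoped access.
  enable_nodes_info_and_metrics_for_developers = false
  enable_nodes_info_and_metrics_for_admins     = true

  # Namespace listing is off by default; enable it only for admins here.
  enable_namespaces_info_for_developers = false
  enable_namespaces_info_for_admins     = true

  # Labels make the generated RBAC objects easy to select during review.
  k8s_labels = {
    scope = "cluster-access"
    owner = "platform-team"
  }

  # Same value as the module default, set explicitly so it shows in review.
  rbac_name_prefix = "custom:cluster-access"
}
```

After applying, `kubectl auth can-i --list -n app-staging --as=test-user --as-group=example-developers` prints the effective permissions of a group member, which is a quick way to confirm what the developer level (which includes exec inside pods) actually grants.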

## Outputs

No outputs.

## Resources

| Name | Type |
|------|------|
| [kubernetes_cluster_role_binding_v1.namespaces_info_for_admins](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
| [kubernetes_cluster_role_binding_v1.namespaces_info_for_developers](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
| [kubernetes_cluster_role_binding_v1.nodes_info_for_admins](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
| [kubernetes_cluster_role_binding_v1.nodes_info_for_developers](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding_v1) | resource |
| [kubernetes_cluster_role_v1.admin](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource |
| [kubernetes_cluster_role_v1.developer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource |
| [kubernetes_cluster_role_v1.namespaces_info](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource |
| [kubernetes_cluster_role_v1.nodes_info](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_v1) | resource |
| [kubernetes_role_binding_v1.admin](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1) | resource |
| [kubernetes_role_binding_v1.developer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1) | resource |

## Modules

No modules.