This repo contains a Module for managing Kubernetes Namespaces with Terraform.
- Deploy a Namespace from scratch
- Configure Namespaces with default RBAC roles
- Create and manage Namespace scoped Service Accounts with various access levels via RBAC
This repo is a part of the Gruntwork Infrastructure as Code Library, a collection of reusable, battle-tested, production ready infrastructure code. If you've never used the Infrastructure as Code Library before, make sure to read How to use the Gruntwork Infrastructure as Code Library!
- What is a Namespace?
- What is Kubernetes RBAC?
- What is a Service Account?
- Official Kubernetes Docs on Namespaces
- Official Kubernetes Docs on Service Accounts
- Official Kubernetes Docs on RBAC
- modules: the main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
- examples: This folder contains working examples of how to use the submodules.
- test: Automated tests for the modules and examples.
- examples folder: The examples folder contains sample code optimized for learning, experimenting, and testing (but not production usage).
If you need help with this repo or anything else related to infrastructure or DevOps, Gruntwork offers Commercial Support via Slack, email, and phone/video. If you're already a Gruntwork customer, hop on Slack and ask away! If not, subscribe now. If you're not sure, feel free to email us at support@gruntwork.io.
Contributions to this repo are very welcome and appreciated! If you find a bug or want to add a new feature or even contribute an entirely new module, we are very happy to accept pull requests, provide feedback, and run your changes through our automated test suite.
Please see Contributing to the Gruntwork Infrastructure as Code Library for instructions.
Please see LICENSE.txt for details on how the code in this repo is licensed.
Name | Version |
---|---|
terraform | >= 1.2.0 |
kubernetes | >= 2.11 |
No providers.
Name | Source | Version |
---|---|---|
namespace | ./modules/namespace | n/a |
service_account_access_all | ./modules/service-account | n/a |
service_account_access_read_only | ./modules/service-account | n/a |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
cluster_ca_certificate | The root certificates bundle for TLS authentication | string | "" | no |
cluster_endpoint | The hostname (in form of URI) of the Kubernetes API | string | "" | no |
cluster_token | Token of the cluster to authen | string | "" | no |
create_resources | Set to false to have this module skip creating resources. | bool | true | no |
exec_plugins | The Configuration block to use an exec-based credential plugin | map(any) | {} | no |
kubectl_config_context_name | The config context to use when authenticating to the Kubernetes cluster. If empty, defaults to the current context specified in the kubeconfig file. | string | "" | no |
kubectl_config_path | The path to the config file to use for kubectl. If empty, defaults to $HOME/.kube/config | string | "" | no |
name | Name of the namespace to be created | string | n/a | yes |
Name | Description |
---|---|
name | Name of the created namespace |
rbac_access_all_role | The name of the RBAC role that grants admin level permissions on the namespace. |
rbac_access_read_only_role | The name of the RBAC role that grants read only permissions on the namespace. |
service_account_access_all | The name of the ServiceAccount that has admin level permissions. |
service_account_access_read_only | The name of the ServiceAccount that has read only level permissions. |