Merge pull request #29 from DNXLabs/fix/rbac-binding

split role and role binding into different files due to limitation on kubectl_manifest applying two resources in the same yaml
DNXLabs · Sep 21, 2022 · 2b1fcf0 · 2b1fcf0
2 parents 51ff864 + beb58c4
commit 2b1fcf0
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 16 deletions.
diff --git a/role.tf b/role.tf
@@ -6,3 +6,15 @@ resource "kubectl_manifest" "cluster_role" {
     resourcenames = "${each.value.secrets}"
   })
 }
+
+resource "kubectl_manifest" "cluster_role_binding" {
+  for_each = { for role in try(var.roles, []) : role.name => role }
+  yaml_body = templatefile("${path.module}/role_binding.tpl.yaml", {
+    name          = "${each.value.name}"
+    namespace     = "${each.value.namespace}"
+    resourcenames = "${each.value.secrets}"
+  })
+  depends_on = [
+    kubectl_manifest.cluster_role
+  ]
+}
diff --git a/role.tpl.yaml b/role.tpl.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -16,18 +15,4 @@ rules:
     verbs:
       - get
       - list
-      - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-    name: ${name}
-    namespace: ${namespace}
-roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: ${name}
-subjects:
-  - kind: ServiceAccount
-    name: aws-alb-ingress-controller
-    namespace: kube-system
+      - watch
diff --git a/role_binding.tpl.yaml b/role_binding.tpl.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: ${name}
+    namespace: ${namespace}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: ${name}
+subjects:
+  - kind: ServiceAccount
+    name: aws-alb-ingress-controller
+    namespace: kube-system