Skip to content

Instantly share code, notes, and snippets.

@Urik

Urik/kubernetes.tf Secret

Created December 11, 2018 21:38
Show Gist options
  • Save Urik/70249baa4a18d9b78b65380445fd4871 to your computer and use it in GitHub Desktop.
Save Urik/70249baa4a18d9b78b65380445fd4871 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kubernetes.tf
variable "kube_config_path" {}
variable "dockercfg" {}
variable "tls_key" {}
variable "tls_cert" {}
provider "kubernetes" {
load_config_file = true
config_path = "${var.kube_config_path}"
}
resource "kubernetes_secret" "image_pull_secret" {
type = "kubernetes.io/dockercfg"
"metadata" {
name = "dockerregistrykey"
namespace = "default"
}
data {
".dockercfg" = "${var.dockercfg}"
}
}
resource "kubernetes_secret" "360ssl" {
metadata {
name = "360ssl"
namespace = "kube-system"
}
data {
"tls.key" = "${var.tls_key}"
"tls.crt" = "${var.tls_cert}"
}
}
resource "kubernetes_service_account" "helm_service_account" {
"metadata" {
name = "tiller"
namespace = "kube-system"
}
}
resource "kubernetes_cluster_role_binding" "helm_cluster_role_binding" {
metadata {
name = "tiller"
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "cluster-admin"
}
subject {
kind = "ServiceAccount"
name = "${lookup(kubernetes_service_account.helm_service_account.metadata[0], "name")}"
namespace = "${lookup(kubernetes_service_account.helm_service_account.metadata[0], "namespace")}"
api_group = ""
}
}
resource "kubernetes_cluster_role_binding" "admin_cluster_role_binding" {
metadata {
name = <redacted>
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "cluster-admin"
}
subject {
kind = "User"
name = <redacted>
api_group = "rbac.authorization.k8s.io"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment