sparkfabrik/terraform-kubernetes-cluster-access

Cluster access

Roles description

This module creates ClusterRole and RoleBinding in the specified namespace with two access levels:

  1. developer_groups is a list of groups that will have access as simple readers to the specified namespaces; they can only get the currently deployed resources, read pod logs and exec commands inside the pods.
  2. admin_groups is a list of groups that will have access as admin to the specified namespaces; they can do anything on the currently deployed resources.

If enable_nodes_info_and_metrics_for_developers and/or enable_nodes_info_and_metrics_for_admins are enabled, the developer_groups and/or admin_groups will have read access to the node resources to get information and metrics about them.

If enable_namespaces_info_for_developers and/or enable_namespaces_info_for_admins are enabled, the developer_groups and/or admin_groups will have read access to the namespace resources to get information about them and list them.

Providers

| Name | Version |
|------|---------|
| kubernetes | >= 2.23 |

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| kubernetes | >= 2.23 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| admin_groups | The list of groups to grant admin access to | list(string) | [] | no |
| developer_groups | The list of groups to grant developer access to | list(string) | [] | no |
| enable_namespaces_info_for_admins | Whether to enable namespace information for admin groups. This requires creating a ClusterRole and a ClusterRoleBinding | bool | false | no |
| enable_namespaces_info_for_developers | Whether to enable namespace information for developer groups. This requires creating a ClusterRole and a ClusterRoleBinding | bool | false | no |
| enable_nodes_info_and_metrics_for_admins | Whether to enable node information and metrics for admin groups. This requires creating a ClusterRole and a ClusterRoleBinding | bool | true | no |
| enable_nodes_info_and_metrics_for_developers | Whether to enable node information and metrics for developer groups. This requires creating a ClusterRole and a ClusterRoleBinding | bool | true | no |
| k8s_labels | The labels to apply to the Kubernetes resources | map(string) | {"scope": "cluster-access"} | no |
| namespaces | The list of namespaces to grant access to | list(string) | n/a | yes |
| rbac_name_prefix | The prefix to use for the RBAC resources | string | "custom:cluster-access" | no |
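
A call to this module with every access flag set explicitly, as an added example that is not code from the repository. The module label, group names, namespaces and the `<TAG>` ref are placeholders, and the Git source address is an assumption derived from the repository name. The nodes flags default to true, so leaving them unset creates a ClusterRole and ClusterRoleBinding that reach beyond the listed namespaces.

```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.23"
    }
  }
}

# Assumption: the kubernetes provider is configured elsewhere in the root module.

module "cluster_access" {
  # Assumed source address; replace <TAG> with a pinned release tag.
  source = "github.com/sparkfabrik/terraform-kubernetes-cluster-access?ref=<TAG>"

  # Required: RoleBindings are created in each of these namespaces (placeholder names).
  namespaces = ["team-a-stage", "team-a-prod"]

  # Placeholder group names, as presented by the cluster's identity provider.
  # Per the README, the developer level includes exec into pods as well as
  # reading resources and pod logs, so it is more than a read-only role.
  developer_groups = ["example:team-a-developers"]
  admin_groups     = ["example:team-a-admins"]

  # Cluster-scoped grants. Both nodes flags default to true; set all four
  # explicitly so the cluster-wide reach of each group is a reviewed decision.
  enable_nodes_info_and_metrics_for_developers = false
  enable_nodes_info_and_metrics_for_admins     = true
  enable_namespaces_info_for_developers        = false
  enable_namespaces_info_for_admins            = false

  # Defaults restated so the created RBAC objects are easy to find and audit.
  rbac_name_prefix = "custom:cluster-access"
  k8s_labels = {
    scope = "cluster-access"
  }
}
```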

Outputs

No outputs.

Resources

| Name | Type |
|------|------|
| kubernetes_cluster_role_binding_v1.namespaces_info_for_admins | resource |
| kubernetes_cluster_role_binding_v1.namespaces_info_for_developers | resource |
| kubernetes_cluster_role_binding_v1.nodes_info_for_admins | resource |
| kubernetes_cluster_role_binding_v1.nodes_info_for_developers | resource |
| kubernetes_cluster_role_v1.admin | resource |
| kubernetes_cluster_role_v1.developer | resource |
| kubernetes_cluster_role_v1.namespaces_info | resource |
| kubernetes_cluster_role_v1.nodes_info | resource |
| kubernetes_role_binding_v1.admin | resource |
| kubernetes_role_binding_v1.developer | resource |

Modules

No modules.
