
Uncomment onboarding code
brettcurtis committed Jul 5, 2024
1 parent 655ac92 commit e70b351
Showing 2 changed files with 34 additions and 30 deletions.
4 changes: 4 additions & 0 deletions regional/onboarding/README.md
Expand Up @@ -11,6 +11,7 @@ No requirements.

| Name | Version |
|------|---------|
| <a name="provider_google"></a> [google](#provider\_google) | 5.36.0 |
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.31.0 |

## Modules
Expand All @@ -24,7 +25,10 @@ No modules.
| [kubernetes_namespace_v1.istio_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_namespace_v1.istio_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_namespace_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_role_binding_v1.namespace_admin](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1) | resource |
| [kubernetes_role_v1.namespace_admin](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_v1) | resource |
| [kubernetes_service_account_v1.workload_identity](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1) | resource |
| [google_service_account.workload_identity](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/service_account) | data source |

## Inputs

60 changes: 30 additions & 30 deletions regional/onboarding/main.tf
@@ -1,11 +1,11 @@
# Google Service Account Data Source
# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/service_account

# data "google_service_account" "workload_identity" {
# for_each = var.namespaces
data "google_service_account" "workload_identity" {
for_each = var.namespaces

# account_id = var.workload_identity_service_account_emails[each.key]
# }
account_id = var.workload_identity_service_account_emails[each.key]
}

# Kubernetes Namespace Resource
# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1
Expand Down Expand Up @@ -74,39 +74,39 @@ resource "kubernetes_role_v1" "namespace_admin" {
# Kubernetes Role Binding Resource
# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/role_binding_v1

# resource "kubernetes_role_binding_v1" "namespace_admin" {
# for_each = local.namespace_admin_service_accounts
resource "kubernetes_role_binding_v1" "namespace_admin" {
for_each = local.namespace_admin_service_accounts

# metadata {
# name = "namespace-admin"
# namespace = kubernetes_namespace_v1.this[each.value.namespace].metadata.0.name
# }
metadata {
name = "namespace-admin"
namespace = kubernetes_namespace_v1.this[each.value.namespace].metadata.0.name
}

# role_ref {
# api_group = "rbac.authorization.k8s.io"
# kind = "Role"
# name = "namespace-admin"
# }
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "Role"
name = "namespace-admin"
}

# subject {
# kind = "User"
# name = each.value.service_account
# }
# }
subject {
kind = "User"
name = each.value.service_account
}
}

# Kubernetes Service Account Resource
# https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account_v1

# resource "kubernetes_service_account_v1" "workload_identity" {
# for_each = var.namespaces
resource "kubernetes_service_account_v1" "workload_identity" {
for_each = var.namespaces

# metadata {
metadata {

# annotations = {
# "iam.gke.io/gcp-service-account" = data.google_service_account.workload_identity[each.key].email
# }
annotations = {
"iam.gke.io/gcp-service-account" = data.google_service_account.workload_identity[each.key].email
}

# name = "${each.key}-workload-identity-sa"
# namespace = kubernetes_namespace_v1.this[each.key].metadata.0.name
# }
# }
name = "${each.key}-workload-identity-sa"
namespace = kubernetes_namespace_v1.this[each.key].metadata.0.name
}
}
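Review bot: The `subject` block of the newly enabled `kubernetes_role_binding_v1.namespace_admin` grants the `namespace-admin` Role to `each.value.service_account` as `kind = "User"`, which is correct only if that value is a Google identity (e.g. a service-account email) authenticating through GKE's IAM integration; a Kubernetes service account would need `kind = "ServiceAccount"` together with a `namespace`, so the intended identity type should be recorded next to the block, e.g. `# subject is a Google IAM principal (email), not a Kubernetes ServiceAccount`. The `iam.gke.io/gcp-service-account` annotation on `kubernetes_service_account_v1.workload_identity` covers only the Kubernetes half of Workload Identity; the matching `roles/iam.workloadIdentityUser` binding on the Google service account is not in this file, so a comment pointing to where that binding is managed would let a reviewer confirm the two halves agree. Note that `local.namespace_admin_service_accounts` and the rules of `kubernetes_role_v1.namespace_admin` (which decide what "admin" actually permits) are defined outside this hunk, so the effective privilege granted here cannot be judged from the diff alone. As a style point, both `metadata.0.name` references use legacy index syntax; `metadata[0].name` is the current form.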
