k8s-rbac-controller
Category: Microservices
Development tool: HCL
File size: 14KB
Downloads: 0
Upload date: 2022-04-27 08:48:11
Uploader: sh-1993
Description: k8s RBAC controller (k8s-rbac-controller)
File list:
LICENSE (11357, 2023-09-27)
cluster_role.tf (463, 2023-09-27)
cluster_role_binding.tf (1111, 2023-09-27)
csr.tf (767, 2023-09-27)
docs (0, 2023-09-27)
docs\example (0, 2023-09-27)
docs\example\nxs-k8s-rbac-creator.tf (2334, 2023-09-27)
files.tf (2505, 2023-09-27)
locals.tf (2259, 2023-09-27)
main.tf (371, 2023-09-27)
role.tf (499, 2023-09-27)
role_binding.tf (2270, 2023-09-27)
sa-kubeconfig.tpl (367, 2023-09-27)
sa.tf (237, 2023-09-27)
secret.tf (527, 2023-09-27)
users-kubeconfig.tpl (440, 2023-09-27)
variables.tf (8520, 2023-09-27)
![nxs-k8s-rbac-creator](https://github.com/nixys/nxs-k8s-rbac-creator/assets/23610059/f0739477-f32f-466f-ac6f-773bb6dcaa74)
# nxs-k8s-rbac-creator
## Introduction
nxs-k8s-rbac-creator is a Terraform (>= v1.0.0) module that creates RBAC rules for Kubernetes.
### Features
- Supports the following Kubernetes versions: 1.23, 1.24, 1.25, 1.26, 1.27
- Create service accounts and users
- Generate kubeconfigs for them
- Create role bindings and cluster role bindings for service accounts, users and groups
### Who can use the tool
* System Administrators
* DevOps Engineers
* Developers
This includes anyone who works with different namespaces in Kubernetes.
## Quickstart
To use this module you need Terraform installed. [Set up](#settings) the nxs-k8s-rbac-creator Terraform file, then init, plan and apply the module:
```bash
$ terraform init
$ terraform plan
$ terraform apply
```
### Settings
| Variable | Required | Default value | Description |
|--- | :---: | :---: |--- |
| `output_files_path` | true | ./files | The path to the directory where generated TLS files and kubeconfigs for users and service accounts are saved |
| `k8s_api_endpoint` | true | | The hostname (in the form of a URI) of the Kubernetes API. The variables `k8s_api_endpoint`, `k8s_auth_cluster_ca_certificate` and `k8s_cluster_name` are needed to generate the kubeconfig |
| `k8s_insecure` | true | false | Whether the server should be accessed without verifying the TLS certificate |
| `k8s_cluster_name` | true | | Kubernetes cluster name |
| `k8s_auth_cluster_ca_certificate` | true | | PEM-encoded root certificates bundle for TLS authentication. One of the fields `raw` or `encoded` must be set. If both are given, the `raw` field will be used |
| `k8s_auth_cluster_ca_certificate.raw` | false | | Raw certificate. Example: "-----BEGIN CERTIFICATE-----\nMIIELDCCApSgAwIBAgIQcLahmhzRbVMSRZX2cQXtuTANBgkqhkiG9w0BAQsFADAv\n...\n-----END CERTIFICATE-----\n". |
| `k8s_auth_cluster_ca_certificate.encoded` | false | | Base64-encoded certificate |
| `k8s_config_path` | true | | The path for kubeconfig |
| `k8s_config_context` | false | | Kubeconfig context |
| `roles_list` | true | | List of roles to create |
| `roles_list.name` | true | | Role name |
| `roles_list.namespace` | true | | Role namespace |
| `roles_list.rules` | true | | List of rules |
| `roles_list.rules.api_groups` | true | | List of api groups |
| `roles_list.rules.resources` | true | | List of resources |
| `roles_list.rules.verbs` | true | | List of verbs |
| `roles_list.rules.resource_names` | false | | White list of names that the rule applies to |
| `cluster_roles_list` | true | | List of cluster roles |
| `cluster_roles_list.name` | true | | Cluster role name |
| `cluster_roles_list.rules` | true | | List of rules |
| `cluster_roles_list.rules.api_groups` | true | | List of api groups |
| `cluster_roles_list.rules.resources` | true | | List of resources |
| `cluster_roles_list.rules.verbs` | true | | List of verbs |
| `cluster_roles_list.rules.resource_names` | false | | White list of names that the rule applies to |
| `sa_list` | true | | List of service accounts |
| `sa_list.name` | true | | Service account name |
| `sa_list.namespace` | true | | Service account namespace |
| `bindings` | true | | List of bindings. One of the variables (`sa_list`, `users`, `groups`) must be set for every binding type |
| `bindings.type` | true | | Type of binding (`role_binding` or `cluster_role_binding`). Variables `roles` or `cluster_roles` must be set for a role binding. Variable `cluster_roles` must be set for a cluster role binding |
| `bindings.prefix` | true | | Unique string used in the binding name |
| `bindings.namespaces` | false | | List of namespaces in which the role binding is created. Used only for role bindings. If this variable is empty for a role binding, the deploy will fail |
| `bindings.sa_list` | false | | List of service accounts |
| `bindings.sa_list.name` | true | | Service account name |
| `bindings.sa_list.namespace` | true | | Service account namespace |
| `bindings.users` | false | | List of users. Users are created from this list |
| `bindings.users.name` | true | | Name of the user |
| `bindings.users.group` | true | | User group |
| `bindings.groups` | false | | List of groups |
| `bindings.roles` | false | | List of roles |
| `bindings.cluster_roles` | false | | List of cluster roles |
### Example
A usage example is located in this [directory](docs/example).
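
The settings table above, filled in as a set of variable assignments (for instance in a `.tfvars` file). This is an added example, not the project's own `docs/example` file: the object shapes are inferred from the variable names in the table, and every value (cluster name, endpoint, namespaces, role, account, user and group names, the CA placeholder) is constructed.

```hcl
# Added example: not the project's docs/example file. Object shapes are
# inferred from the settings table; all names and values are constructed.
k8s_config_path  = "~/.kube/config"
k8s_cluster_name = "example-cluster"
k8s_api_endpoint = "https://k8s.example.internal:6443"
k8s_insecure     = false # keep TLS verification of the API server enabled

# Placeholder: supply the cluster CA bundle in the `encoded` (or `raw`) field.
k8s_auth_cluster_ca_certificate = { encoded = "ENCODED_CA_BUNDLE_PLACEHOLDER" }

# Generated TLS files and kubeconfigs are credentials: keep this path out of VCS.
output_files_path = "./files"

roles_list = [{
  name      = "configmap-reader"
  namespace = "staging"
  rules = [{
    api_groups     = [""]
    resources      = ["configmaps"]
    verbs          = ["get"]
    resource_names = ["app-config"] # narrow the rule to one named object
  }]
}]

cluster_roles_list = [{
  name  = "node-viewer"
  rules = [{ api_groups = [""], resources = ["nodes"], verbs = ["get", "list"] }]
}]

sa_list = [{ name = "ci-deployer", namespace = "staging" }]

bindings = [
  {
    type       = "role_binding" # namespaces must be non-empty for this type
    prefix     = "staging-ci"
    namespaces = ["staging"]
    sa_list    = [{ name = "ci-deployer", namespace = "staging" }]
    users      = [{ name = "alice", group = "developers" }]
    roles      = ["configmap-reader"]
  },
  {
    type          = "cluster_role_binding" # only cluster_roles apply here
    prefix        = "ops"
    groups        = ["ops"]
    cluster_roles = ["node-viewer"]
  },
]
```

Each rule lists explicit verbs and resources rather than `*`, so `terraform plan` shows exactly which permissions a binding grants before it is applied.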
## Roadmap
The following features are already in the backlog of our development team and will be released soon:
* Module support
## Feedback
For support and feedback please contact me:
- telegram: [@aarchimaev](https://t.me/aarchimaev)
- e-mail: a.archimaev@nixys.ru
## License
nxs-k8s-rbac-creator is released under the [Apache License 2.0](LICENSE).