viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ci skip] Add anca as namespace-owner for plotting-book

Browse source 
- Add ancaelena98@gmail.com as namespace-owner for plotting-book namespace
- Fix RBAC module: don't create namespaces (they're managed by service modules)
- RoleBinding to built-in admin ClusterRole + cluster-wide read-only access
- ResourceQuota: 2 CPU / 4Gi mem requests, 4 CPU / 8Gi limits, 20 pods
This commit is contained in:
Viktor Barzin 2026-02-17 22:18:37 +00:00
parent aa433d0750
commit 9dad07618d
1 changed files with 1 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/kubernetes/rbac/main.tf
View file

@ -146,19 +146,6 @@ locals {
])
}
resource "kubernetes_namespace" "user_namespaces" {
for_each = { for pair in local.namespace_owner_pairs : "${pair.user_key}-${pair.namespace}" => pair }
metadata {
name = each.value.namespace
labels = {
tier = var.tier
"k8s-portal/owner" = each.value.user_key
"k8s-portal/managed-by" = "rbac-module"
}
}
}
resource "kubernetes_role_binding" "namespace_owner" {
for_each = { for pair in local.namespace_owner_pairs : "${pair.user_key}-${pair.namespace}" => pair }
@ -178,8 +165,6 @@ resource "kubernetes_role_binding" "namespace_owner" {
name = each.value.email
api_group = "rbac.authorization.k8s.io"
}
depends_on = [kubernetes_namespace.user_namespaces]
}
# Read-only cluster-wide access for namespace owners
@ -246,7 +231,7 @@ resource "kubernetes_resource_quota" "user_namespace_quota" {
}
}
depends_on = [kubernetes_namespace.user_namespaces]
depends_on = [kubernetes_role_binding.namespace_owner]
}
# ConfigMap with user-role mapping for the self-service portal