b692eb0c34
Remove the module "xxx" { source = "./module" } indirection layer
from all 66 service stacks. Resources are now defined directly in
each stack's main.tf instead of through a wrapper module.
- Merge module/main.tf contents into stack main.tf
- Apply variable replacements (var.tier -> local.tiers.X, renamed vars)
- Fix shared module paths (one fewer ../ at each level)
- Move extra files/dirs (factory/, chart_values, subdirs) to stack root
- Update state files to strip module.<name>. prefix
- Update CLAUDE.md to reflect flat structure
Verified: terragrunt plan shows 0 add, 0 destroy across all stacks.
89 lines
2 KiB
HCL
89 lines
2 KiB
HCL
|
|
|
|
resource "kubernetes_namespace" "descheduler" {
|
|
metadata {
|
|
name = "descheduler"
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_cluster_role" "descheduler" {
|
|
metadata {
|
|
name = "descheduler-cluster-role"
|
|
}
|
|
rule {
|
|
api_groups = [""]
|
|
resources = ["events"]
|
|
verbs = ["create", "update"]
|
|
}
|
|
rule {
|
|
api_groups = ["metrics.k8s.io"]
|
|
resources = ["nodes"]
|
|
verbs = ["get", "watch", "list"]
|
|
}
|
|
rule {
|
|
api_groups = [""]
|
|
resources = ["namespaces"]
|
|
verbs = ["get", "list", "watch"]
|
|
}
|
|
rule {
|
|
api_groups = ["metrics.k8s.io"]
|
|
resources = ["pods"]
|
|
verbs = ["get", "watch", "list", "delete"]
|
|
}
|
|
rule {
|
|
api_groups = [""]
|
|
resources = ["pods/eviction"]
|
|
verbs = ["create"]
|
|
}
|
|
rule {
|
|
api_groups = [""]
|
|
resources = ["scheduling.k8s.io"]
|
|
verbs = ["get", "watch", "list"]
|
|
}
|
|
rule {
|
|
api_groups = ["scheduling.k8s.io"]
|
|
resources = ["priorityclasses"]
|
|
verbs = ["get", "list", "watch"]
|
|
}
|
|
rule {
|
|
api_groups = ["policy"]
|
|
resources = ["poddisruptionbudgets"]
|
|
verbs = ["get", "list", "watch"]
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service_account" "descheduler" {
|
|
metadata {
|
|
name = "descheduler-sa"
|
|
namespace = kubernetes_namespace.descheduler.metadata[0].name
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_cluster_role_binding" "descheduler" {
|
|
metadata {
|
|
name = "descheduler-cluster-role-binding"
|
|
|
|
}
|
|
role_ref {
|
|
api_group = "rbac.authorization.k8s.io"
|
|
kind = "ClusterRole"
|
|
name = "descheduler-cluster-role"
|
|
}
|
|
subject {
|
|
name = "descheduler-sa"
|
|
kind = "ServiceAccount"
|
|
namespace = kubernetes_namespace.descheduler.metadata[0].name
|
|
}
|
|
}
|
|
|
|
resource "helm_release" "descheduler" { # rename me
|
|
namespace = kubernetes_namespace.descheduler.metadata[0].name
|
|
name = "descheduler"
|
|
|
|
repository = "https://kubernetes-sigs.github.io/descheduler/"
|
|
chart = "descheduler"
|
|
|
|
|
|
|
|
values = [templatefile("${path.module}/values.yaml", {})]
|
|
}
|