A role contains rules that represent a set of permissions. Permissions are purely additive (there are no “deny” rules).
```hcl
resource "kubernetes_role" "example" {
  metadata {
    name = "terraform-example"
    labels = {
      test = "MyRole"
    }
  }

  rule {
    api_groups     = [""]
    resources      = ["pods"]
    resource_names = ["foo"]
    verbs          = ["get", "list", "watch"]
  }

  rule {
    api_groups = ["apps"]
    resources  = ["deployments"]
    verbs      = ["get", "list"]
  }
}
```
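Because rules only add permissions, a narrower grant has to be written as its own rule rather than as an exception carved out of a broad one. The following is an added example, not part of the provider documentation: it splits read and write access across two rules and binds the role to a service account. The `ci` namespace (assumed to exist already) and the `deploy-bot` and `web` names are assumptions.

```hcl
# Added example: least-privilege role for a deployment bot (all names are assumptions).
resource "kubernetes_service_account" "deployer" {
  metadata {
    name      = "deploy-bot"
    namespace = "ci"
  }
}

resource "kubernetes_role" "deployer" {
  metadata {
    name      = "deploy-bot"
    namespace = "ci"
  }

  # Read access to every deployment in the namespace. resource_names is left off
  # here: a name-restricted list/watch only works with a metadata.name field selector.
  rule {
    api_groups = ["apps"]
    resources  = ["deployments"]
    verbs      = ["get", "list", "watch"]
  }

  # Write access to one named deployment. The effective permission set is the
  # union of both rules; nothing in this rule can take away the reads above.
  rule {
    api_groups     = ["apps"]
    resources      = ["deployments"]
    resource_names = ["web"]
    verbs          = ["update", "patch"]
  }
}

# A role grants nothing until it is bound to a subject in the same namespace.
resource "kubernetes_role_binding" "deployer" {
  metadata {
    name      = "deploy-bot"
    namespace = kubernetes_role.deployer.metadata[0].namespace
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.deployer.metadata[0].name
  }
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.deployer.metadata[0].name
    namespace = kubernetes_service_account.deployer.metadata[0].namespace
  }
}
```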
The following arguments are supported:

- metadata - (Required) Standard role's metadata. For more info see Kubernetes reference
- rule - (Required) List of rules that define the set of permissions for this role. For more info see Kubernetes reference

metadata

- annotations - (Optional) An unstructured key value map stored with the role that may be used to store arbitrary metadata.
- generate_name - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the name field has not been provided. This value will also be combined with a unique suffix. For more info see Kubernetes reference
- labels - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the role. Must match selector.
- name - (Optional) Name of the role, must be unique. Cannot be updated. For more info see Kubernetes reference
- namespace - (Optional) Namespace defines the space within which name of the role must be unique.
- generation - A sequence number representing a specific generation of the desired state.
- resource_version - An opaque value that represents the internal version of this role that can be used by clients to determine when role has changed. For more info see Kubernetes reference
- uid - The unique in time and space value for this role. For more info see Kubernetes reference

rule

- api_groups - (Required) List of APIGroups that contains the resources.
- resources - (Required) List of resources that the rule applies to.
- resource_names - (Optional) White list of names that the rule applies to.
- verbs - (Required) List of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.

Role can be imported using the namespace and name, e.g.
$ terraform import kubernetes_role.example default/terraform-example