
@gmaliar
Created February 2, 2019 13:10
# Binds the namespaced Role "vault-operator-role" to a ServiceAccount so the
# account receives the permissions that Role lists.
#
# No namespace is set in metadata, so the binding is created in the provider's
# default namespace (normally "default").
resource "kubernetes_role_binding" "vault-operator-role-binding" {
  metadata {
    name = "vault-operator-rolebinding"
  }

  # The Role is referenced by its literal name, so Terraform sees no dependency
  # between this binding and the kubernetes_role resource.
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = "vault-operator-role"
  }

  # NOTE(review): the subject is the "default" ServiceAccount of the "default"
  # namespace. Pods that do not set serviceAccountName run as that account, so
  # every such pod in the namespace inherits the Role, including its access to
  # secrets. A dedicated ServiceAccount for the operator would limit this; the
  # operator manifest would then have to reference it (manifest not shown here).
  subject {
    api_group = ""
    kind      = "ServiceAccount"
    name      = "default"
    namespace = "default"
  }
}
# Namespaced Role for the Vault operator. Every rule below grants all verbs
# ("*") on the listed resources.
#
# NOTE(review): wildcard verbs are broader than an operator usually needs.
# Narrow each rule to the verbs the operator actually uses once those are
# known - confirm against the operator's documentation.
resource "kubernetes_role" "vault-operator-role" {
  metadata {
    name = "vault-operator-role"
  }

  # Custom resources of the etcd operator.
  rule {
    api_groups = ["etcd.database.coreos.com"]
    resources  = ["etcdclusters", "etcdbackups", "etcdrestores"]
    verbs      = ["*"]
  }

  # Custom resources of the Vault operator.
  rule {
    api_groups = ["vault.security.coreos.com"]
    resources  = ["vaultservices"]
    verbs      = ["*"]
  }

  # NOTE(review): StorageClass is a cluster-scoped resource. A namespaced Role
  # does not grant access to cluster-scoped resources, so this rule likely has
  # no effect; granting it would take a ClusterRole and ClusterRoleBinding.
  rule {
    api_groups = ["storage.k8s.io"]
    resources  = ["storageclasses"]
    verbs      = ["*"]
  }

  # Core API group. NOTE(review): "*" on secrets lets the bound account read
  # and modify every Secret in the namespace, and "*" on pods lets it start
  # workloads there. Together with the binding to the namespace's default
  # ServiceAccount this is the widest grant in the file.
  rule {
    api_groups = [""]
    resources  = ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "configmaps", "secrets"]
    verbs      = ["*"]
  }

  rule {
    api_groups = ["apps"]
    resources  = ["deployments"]
    verbs      = ["*"]
  }
}
# Installs the operator by running kubectl on the machine that runs Terraform.
#
# NOTE(review): the manifest is downloaded at apply time. The URL path carries
# what looks like a revision id, which should pin the content - confirm. Even
# so, the manifest is neither reviewed nor versioned with this configuration;
# a vendored copy applied from a local path is easier to audit.
# NOTE(review): kubectl uses its own kubeconfig and current context, which is
# not necessarily the cluster the kubernetes provider targets - verify.
# NOTE(review): there are no triggers and no depends_on, so the command runs
# once when this resource is created and is not ordered after the Role and
# RoleBinding.
resource "null_resource" "vault-operator" {
  provisioner "local-exec" {
    command = "kubectl apply -f https://gist.githubusercontent.com/gmaliar/f703d0e2400783c75423fe708868f331/raw/114aba19b25b5c09a35b5bd7ff1aeadf62219781/vault.yml"
  }
}