Releases: gruntwork-io/terraform-kubernetes-helm
v0.3.0
Modules affected
k8s-tiller [NEW]
k8s-service-account
k8s-namespace
k8s-namespace-roles
Description
This release introduces a new module, k8s-tiller, which can be used to manage Tiller deployments using Terraform. The difference from the kubergrunt approach is that this supports using Terraform to apply updates to the Tiller Deployment resource. E.g., you can now upgrade Tiller using Terraform, or update the number of replicas of Tiller Pods to deploy. Note that you still need to use kubergrunt to manage the TLS certificates.
The other modules have backwards compatible minor changes in the way dependencies are managed.
Related links
v0.2.4
v0.2.3
Modules affected
k8s-service-account
k8s-namespace-roles
Description
- This release adds another set of permissions to the rbac_tiller_resource_access role that allows Tiller to manage PodDisruptionBudgets.
- In the k8s-tiller-minikube example, sometimes the Tiller undeploy fails because it removes the service account role before undeploy, stripping the Tiller pod of its ability to nuke itself. This fixes that by adding a depends_on to the service account output so that we delete the role binding when all resources referencing the service account are deleted.
Related links
v0.2.2
v0.2.1
Modules affected
k8s-namespace
Description
This introduces an example terraform module that deploys Tiller using kubergrunt. This example shows how to set up a Namespace and ServiceAccount for Tiller as well. See the example quickstart guide for an example of how you can combine the modules in this repo with kubergrunt to deploy a best practices Tiller instance.
Other changes:
k8s-namespace now exports additional roles: namespace-tiller-metadata-access for minimal permissions to Tiller to be able to manage its Secrets and namespace-tiller-resource-access for minimal permissions to deploy resources from helm charts into a target namespace.
Related links
v0.2.0
Modules affected
k8s-namespace
k8s-service-account [BACKWARDS INCOMPATIBLE]
Description
k8s-namespace and k8s-service-account now implement the input variable dependencies that can be used to specify module dependencies. k8s-service-account now also requires RBAC role namespaces to be included when binding RBAC roles. This is to allow binding roles that are not in the same namespace as the created ServiceAccount. As a result, the rbac_roles input variable is now a list of maps containing the keys name and namespace.
Migration guide
This is a backwards incompatible release. Specifically, k8s-service-account now requires each entry in the rbac_roles variable to be a map.
Related links
v0.1.0
Modules affected
k8s-namespace [BACKWARDS INCOMPATIBLE]
k8s-service-account [BACKWARDS INCOMPATIBLE]
Description
- The RBAC roles and RBAC role bindings are now managed using the kubernetes provider as opposed to kubectl.
Migration guide
This is a backwards incompatible change. Specifically, the modules no longer need to specify a kubectl_config_context_name and kubectl_config_path. Additionally, we now require the number of RBAC roles to be passed in as a variable to work around a terraform limitation with looping interpolated lists.
Reference
v0.0.1
Modules affected
k8s-namespace
k8s-service-account
Description
- Introduces the k8s-namespace terraform module, which will create a namespace and RBAC roles for admin access and read-only access restricted to the namespace.
- Introduces the k8s-service-account terraform module, which will create a service account. This module also supports binding RBAC roles to the service account.