temp tf

terraform/modules/cluster-environment/main.tf

@@ -0,0 +1,56 @@
+locals {
+  ns = "${var.app_name}-${var.environment_tag}"
+  labels = {
+    "app.kubernetes.io/name"    = var.app_name
+    "app.kubernetes.io/part-of" = var.app_name
+    "roleypoly/environment"     = var.environment_tag
+  }
+}
+
+resource "kubernetes_namespace" "ns" {
+  metadata {
+    name   = local.ns
+    labels = local.labels
+  }
+}
+
+resource "kubernetes_service_account" "sa" {
+  metadata {
+    name      = "${local.ns}-sa-tf"
+    namespace = local.ns
+    labels    = local.labels
+  }
+}
+
+resource "kubernetes_secret" "sa-key" {
+  metadata {
+    name      = "${local.ns}-sa-tf-key"
+    namespace = local.ns
+    labels    = local.labels
+    annotations = {
+      "kubernetes.io/service-account.name" = kubernetes_service_account.sa.metadata.0.name
+    }
+  }
+
+  type = "kubernetes.io/service-account-token"
+}
+
+resource "kubernetes_role_binding" "sa-admin-rb" {
+  metadata {
+    name      = "${local.ns}-sa-admin-binding"
+    namespace = local.ns
+    labels    = local.labels
+  }
+
+  subject {
+    kind      = "ServiceAccount"
+    name      = kubernetes_service_account.sa.metadata.0.name
+    namespace = local.ns
+  }
+
+  role_ref {
+    kind      = "ClusterRole"
+    name      = "admin"
+    api_group = "rbac.authorization.k8s.io"
+  }
+}

terraform/modules/cluster-environment/output.tf

@@ -0,0 +1,7 @@
+output "service_account_token" {
+  value = lookup(kubernetes_secret.sa-key, "data.token", "")
+}
+
+output "namespace" {
+  value = local.ns
+}

terraform/modules/cluster-environment/variables.tf

@@ -0,0 +1,9 @@
+variable "environment_tag" {
+  type    = string
+  default = "main"
+}
+
+variable "app_name" {
+  type = string
+}
+