Skip to content

Commit

Permalink
feat: make flux allowed namespace a var
Browse files Browse the repository at this point in the history
  • Loading branch information
@ArchiFleKs
ArchiFleKs committed Jun 13, 2019
1 parent 78b587c commit fb84faf
Showing 1 changed file with 15 additions and 11 deletions.
26 changes: 15 additions & 11 deletions terraform/modules/eks-addons/flux.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,34 +6,38 @@ rbac:
create: true
helmOperator:
create: true
additionalArgs:
- --k8s-allow-namespace=${var.flux["allowed_namespaces"]}
VALUES
}

resource "helm_release" "flux" {
count = "${var.flux["enabled"] ? 1 : 0 }"
count = "${var.flux["enabled"] ? 1 : 0 }"
repository = "${data.helm_repository.flux.metadata.0.name}"
name = "flux"
chart = "flux"
version = "${var.flux["chart_version"]}"
values = ["${concat(list(local.values_flux),list(var.flux["extra_values"]))}"]
namespace = "${var.flux["namespace"]}"
name = "flux"
chart = "flux"
version = "${var.flux["chart_version"]}"
values = ["${concat(list(local.values_flux),list(var.flux["extra_values"]))}"]
namespace = "${var.flux["namespace"]}"
}

resource "kubernetes_network_policy" "flux_default_deny" {
count = "${var.flux["enabled"] * var.flux["default_network_policy"]}"
count = "${var.flux["enabled"] * var.flux["default_network_policy"]}"

metadata {
name = "${var.flux["namespace"]}-default-deny"
namespace = "${var.flux["namespace"]}"
}

spec {
pod_selector {}
pod_selector = {}
policy_types = ["Ingress"]
}
}

resource "kubernetes_network_policy" "flux_allow_namespace" {
count = "${var.flux["enabled"] * var.flux["default_network_policy"]}"
count = "${var.flux["enabled"] * var.flux["default_network_policy"]}"

metadata {
name = "${var.flux["namespace"]}-allow-namespace"
namespace = "${var.flux["namespace"]}"
Expand All @@ -51,9 +55,9 @@ resource "kubernetes_network_policy" "flux_allow_namespace" {
name = "${var.flux["namespace"]}"
}
}
}
},
]
}
},
]

policy_types = ["Ingress"]
Expand Down

0 comments on commit fb84faf

Please sign in to comment.