Merge pull request #41 from sparkfabrik/fix/1742_cilium_patch

refs platform/1742: add ClusterRoleBinding for cilium
sparkfabrik · Oct 26, 2022 · 52cbd46 · 52cbd46
2 parents ff0c645 + cf08bee
commit 52cbd46
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -382,6 +382,29 @@ module "gke" {
   }
 }
 
+# Fix Cilium warning message about patching the nodes
+# https://github.com/cilium/cilium/issues/19816#issuecomment-1144551910
+resource "kubernetes_cluster_role_binding" "cilium_node_patcher" {
+  metadata {
+    name = "cilium-node-patcher"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "system:node"
+  }
+  subject {
+    api_group = ""
+    kind      = "ServiceAccount"
+    name      = "cilium"
+    namespace = "kube-system"
+  }
+
+  depends_on = [
+    module.gke
+  ]
+}
+
 resource "kubernetes_namespace" "gitlab_namespace" {
   metadata {
     name = var.gitlab_namespace