diff --git a/dynatrace-service.tf b/dynatrace-service.tf index 7b18052..8edc2d9 100644 --- a/dynatrace-service.tf +++ b/dynatrace-service.tf @@ -44,11 +44,42 @@ resource "helm_release" "dynatrace-service" { value = "debug" } + depends_on = [ helm_release.keptn ] } +resource "kubernetes_cluster_role" "dynatrace_service_read_secrets_CR" { + metadata { + name = "dynatrace-service-read-secrets" + } + + rule { + api_groups = [""] + resources = ["secrets"] + verbs = ["get", "list", "watch"] + } + +} + +resource "kubernetes_cluster_role_binding" "dynatrace_service_read_secrets_CRB" { + metadata { + name = "dynatrace_service_read_secrets" + } + role_ref { + api_group = "rbac.authorization.k8s.io" + kind = "ClusterRole" + name = "dynatrace-service-read-secrets" + } + subject { + kind = "ServiceAccount" + name = "dynatrace-service" + namespace = var.KEPTN_NAMESPACE + } + + depends_on = [ helm_release.dynatrace-service, kubernetes_cluster_role.dynatrace_service_read_secrets_CR] +} # resource "null_resource" "kubectl" { diff --git a/keptn.tf b/keptn.tf index fdca8aa..5559e88 100644 --- a/keptn.tf +++ b/keptn.tf @@ -10,7 +10,7 @@ resource "kubernetes_persistent_volume_claim" "nats-js-pvc" { namespace = var.KEPTN_NAMESPACE } spec { - storage_class_name = "region1storageclass" + #storage_class_name = "region1storageclass" access_modes = ["ReadWriteOnce"] resources { requests = { 
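Review bot: The new `kubernetes_cluster_role` grants `get`, `list` and `watch` on `secrets` with no namespace or `resource_names` limit, and the ClusterRoleBinding gives that to the `dynatrace-service` ServiceAccount, so a compromise of that one workload exposes every Secret in the cluster (a `list` response carries the full secret data). If the service only reads its credentials from the Keptn namespace (not shown in this diff, please confirm), a namespaced `kubernetes_role` and `kubernetes_role_binding` in `var.KEPTN_NAMESPACE` is sufficient. `role_ref.name` should reference the role resource instead of repeating the string, which also makes the explicit `depends_on` entry for the role unnecessary. The binding name uses underscores while the role name uses hyphens, so pick one convention. A sketch of the namespaced form follows.

```hcl
resource "kubernetes_role" "dynatrace_service_read_secrets" {
  metadata {
    name      = "dynatrace-service-read-secrets"
    namespace = var.KEPTN_NAMESPACE
  }
  # … unchanged: rule block (consider dropping "list" and "watch" if only named secrets are read) …
}

resource "kubernetes_role_binding" "dynatrace_service_read_secrets" {
  metadata {
    name      = "dynatrace-service-read-secrets"
    namespace = var.KEPTN_NAMESPACE
  }
  role_ref {
    # … unchanged: api_group …
    kind = "Role"
    name = kubernetes_role.dynatrace_service_read_secrets.metadata[0].name
  }
  # … unchanged: subject block …
  depends_on = [helm_release.dynatrace-service]
}
```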
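Review bot: Commenting out `storage_class_name` in the `nats-js-pvc` claim silently moves the PVC to the cluster's default StorageClass and leaves dead configuration in the file. The same pattern repeats for the tolerations, `nodeSelector` and `mongo.global.storageClass` blocks in the following `helm_release.keptn` hunk. Consider a variable that defaults to `null`, e.g. `storage_class_name = var.STORAGE_CLASS_NAME` (a new variable, not defined in this diff), so each environment states its choice explicitly. Removing the tolerations and node selectors also means the Keptn, MongoDB and NATS pods are no longer pinned to the dedicated node group, which is worth recording in the commit description if that isolation was intentional.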
@@ -34,88 +34,88 @@ resource "helm_release" "keptn" { version = var.KEPTN_VERSION create_namespace = true - set { - name = "tolerations[0].key" - value = "dedicated" - } +# set { +# name = "tolerations[0].key" +# value = "dedicated" +# } - set { - name = "tolerations[0].value" - value = "group2" - } +# set { +# name = "tolerations[0].value" +# value = "group2" +# } - set { - name = "tolerations[0].operator" - value = "Equal" - } +# set { +# name = "tolerations[0].operator" +# value = "Equal" +# } - set { - name = "tolerations[0].effect" - value = "NoSchedule" - } +# set { +# name = "tolerations[0].effect" +# value = "NoSchedule" +# } - set { - name = "nodeSelector.role" - value = "group2" - } +# set { +# name = "nodeSelector.role" +# value = "group2" +# } - ##mongodb toleration - set { - name = "mongo.tolerations[0].key" - value = "dedicated" - } +# ##mongodb toleration +# set { +# name = "mongo.tolerations[0].key" +# value = "dedicated" +# } - set { - name = "mongo.tolerations[0].value" - value = "group2" - } +# set { +# name = "mongo.tolerations[0].value" +# value = "group2" +# } - set { - name = "mongo.tolerations[0].operator" - value = "Equal" - } +# set { +# name = "mongo.tolerations[0].operator" +# value = "Equal" +# } - set { - name = "mongo.tolerations[0].effect" - value = "NoSchedule" - } +# set { +# name = "mongo.tolerations[0].effect" +# value = "NoSchedule" +# } - set { - name = "mongo.nodeSelector.role" - value = "group2" - } +# set { +# name = "mongo.nodeSelector.role" +# value = "group2" +# } - set { - name = "mongo.global.storageClass" - value = "region1storageclass" - } +# set { +# name = "mongo.global.storageClass" +# value = "region1storageclass" +# } -##nats toleration - set { - name = "nats.tolerations[0].key" - value = "dedicated" - } +# ##nats toleration +# set { +# name = "nats.tolerations[0].key" +# value = "dedicated" +# } - set { - name = "nats.tolerations[0].value" - value = "group2" - } +# set { +# name = "nats.tolerations[0].value" +# 
value = "group2" +# } - set { - name = "nats.tolerations[0].operator" - value = "Equal" - } +# set { +# name = "nats.tolerations[0].operator" +# value = "Equal" +# } - set { - name = "nats.tolerations[0].effect" - value = "NoSchedule" - } +# set { +# name = "nats.tolerations[0].effect" +# value = "NoSchedule" +# } - set { - name = "nats.nodeSelector.role" - value = "group2" - } +# set { +# name = "nats.nodeSelector.role" +# value = "group2" +# } set { name = "nats.nats.jetstream.fileStorage.enabled"