Prepare ns dev for deploy with github runner

Author: Valentin Khramtsov

terraform/modules/k8s-addons/eks-dev-namespace.tf

@@ -0,0 +1,38 @@
+locals {
+  dev_namespace = {
+    namespace   = local.namespaces[index(local.namespaces.*.id, "dev")].id
+    enabled     = local.namespaces[index(local.namespaces.*.id, "dev")].enabled
+  }
+}
+
+module "dev_namespace" {
+  count            = local.dev_namespace.enabled ? 1 : 0
+
+  source           = "../eks-kubernetes-namespace"
+  name             = local.dev_namespace.namespace
+  network_policies = []
+
+  depends_on = [helm_release.gha_runner_scale_set]
+}
+resource "kubectl_manifest" "github_runner_role_binding" {
+  count = local.dev_namespace.enabled && local.gha_runner_scale_set_controller.enabled ? 1 : 0
+
+  yaml_body = <<EOF
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: github-runner-role-binding
+  namespace: ${local.dev_namespace.namespace}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: gha-runner-scale-set-gha-rs-no-permission
+  namespace: ${module.gha_runner_scale_set_controller_namespace[0].name}
+EOF
+
+  depends_on = [module.dev_namespace]
+}
+

terraform/modules/k8s-addons/locals.tf

@@ -16,4 +16,5 @@ locals {
   ssl_certificate_arn   = var.ssl_certificate_arn
 
   helm_releases = yamldecode(file("${path.module}/helm-releases.yaml"))["releases"]
+  namespaces    = yamldecode(file("${path.module}/namespaces.yaml"))["namespaces"]
 }

terraform/modules/k8s-addons/namespaces.yaml

@@ -0,0 +1,3 @@
+namespaces:
+  - id: dev
+    enabled: true