fix: Velero serviceAccount IRSA configuration and resouces Policy (
rodrigobersa committed Apr 27, 2023
1 parent 6cc89c5 commit 934a1ea
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions main.tf
@@ -2742,10 +2742,11 @@ module "secrets_store_csi_driver_provider_aws" {
################################################################################

locals {
velero_service_account = try(var.velero.service_account_name, "velero-sa")
velero_name = "velero"
velero_service_account = try(var.velero.service_account_name, "${local.velero_name}-server")
velero_backup_s3_bucket = split(":", var.velero.s3_backup_location)
velero_backup_s3_bucket_arn = try(split("/", var.velero.s3_backup_location)[0], var.velero.s3_backup_location)
velero_backup_s3_bucket_name = try(split("/", local.velero_backup_s3_bucket[5])[1], local.velero_backup_s3_bucket[5])
velero_backup_s3_bucket_name = try(split("/", local.velero_backup_s3_bucket[5])[0], local.velero_backup_s3_bucket[5])
velero_backup_s3_bucket_prefix = try(split("/", var.velero.s3_backup_location)[1], "")
}

@@ -2784,7 +2785,7 @@ data "aws_iam_policy_document" "velero" {
"s3:ListMultipartUploadParts",
"s3:PutObject",
]
resources = [local.velero_backup_s3_bucket_prefix == "" ? "${var.velero.s3_backup_location}/*" : var.velero.s3_backup_location]
resources = ["${var.velero.s3_backup_location}/*"]
}

statement {
@@ -2849,7 +2850,7 @@ module "velero" {
EOT
},
{
name = "serviceAccount.name"
name = "serviceAccount.server.name"
value = local.velero_service_account
},
{
@@ -2864,6 +2865,10 @@ module "velero" {
name = "configuration.backupStorageLocation.bucket"
value = local.velero_backup_s3_bucket_name
},
{
name = "configuration.backupStorageLocation.config.region"
value = local.region
},
{
name = "configuration.volumeSnapshotLocation.config.region"
value = local.region
@@ -2877,7 +2882,7 @@ module "velero" {
set_sensitive = try(var.velero.set_sensitive, [])

# IAM role for service account (IRSA)
set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
set_irsa_names = ["serviceAccount.server.annotations.eks\\.amazonaws\\.com/role-arn"]
create_role = try(var.velero.create_role, true)
role_name = try(var.velero.role_name, "velero")
role_name_use_prefix = try(var.velero.role_name_use_prefix, true)
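Review bot: The new `resources = ["${var.velero.s3_backup_location}/*"]` line in the `aws_iam_policy_document` hunk and the `velero_backup_s3_bucket_name` local both consume `var.velero.s3_backup_location` without checking that it has the shape `arn:aws:s3:::bucket[/prefix]`. In the locals hunk the `try()` fallback cannot help: `split("/", x)[0]` always succeeds once element `[5]` exists, and when it does not, the fallback indexes the same missing element, so a plain bucket name or an `s3://` URL fails with an index error rather than a clear message, and a trailing slash on the input would yield a `//*` object resource that likely matches none of the keys Velero writes. I would drop the dead fallback, `velero_backup_s3_bucket_name = split("/", local.velero_backup_s3_bucket[5])[0]`, and add an input validation that rejects non-ARN values and trailing slashes. Separately, the unchanged `velero_backup_s3_bucket_prefix` local keeps only the first path segment, so if it is passed to the chart (not visible in these hunks) a multi-segment prefix would disagree with the path this policy grants.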