fix: Velero serviceAccount IRSA configuration and resources Policy #147

Merged
merged 25 commits into from
Apr 27, 2023
Commits
df3cca8
Refactor Fargate Fluentbit
rodrigobersa Apr 19, 2023
f1f05d9
Rename `locals`, remove old module from `modules/fargate-fluentbit`
rodrigobersa Apr 20, 2023
8c48b49
PR review fixes
rodrigobersa Apr 20, 2023
3021642
Fixing `gatekeeper` Namespace
rodrigobersa Apr 20, 2023
07fd6dc
Fixing `gatekeeper` Namespace
rodrigobersa Apr 20, 2023
7ba186b
Merge `main`+`fargate-fluentbit`
rodrigobersa Apr 20, 2023
c45a990
Merge `main`
rodrigobersa Apr 20, 2023
52899c8
Merge `main`
rodrigobersa Apr 20, 2023
11b7700
Refactor `velero` addon
rodrigobersa Apr 21, 2023
d2a13be
Refactor `velero` addon
rodrigobersa Apr 21, 2023
aaadfbd
Adding `aws_cloudwatch_log_group.fargate_fluentbit` creation.
rodrigobersa Apr 21, 2023
140068e
Merge branch 'refactor/fargate-fluentbit' into refactor/velero
rodrigobersa Apr 21, 2023
134c4d1
Velero validation tests
rodrigobersa Apr 21, 2023
4c23ed7
Fixing `gatekeeper` output
rodrigobersa Apr 21, 2023
befd802
Fixing Velero `values` content to `set`
rodrigobersa Apr 22, 2023
4e54e47
Merge `main`
rodrigobersa Apr 22, 2023
e7577e0
Adding pluto validation on module 4
rodrigobersa Apr 26, 2023
ff64d50
Adjusting S3 variables
rodrigobersa Apr 27, 2023
1851c49
Adjusting velero set configs.
rodrigobersa Apr 27, 2023
25ce926
Refactoring Velero `locals`
rodrigobersa Apr 27, 2023
079d448
Merge `main`
rodrigobersa Apr 27, 2023
e592dec
Tests
rodrigobersa Apr 27, 2023
9b0d472
Fix IRSA and ServiceAccount creation.
rodrigobersa Apr 27, 2023
dc0cfdd
Merge `main`
rodrigobersa Apr 27, 2023
6c2b466
Merge `main`
rodrigobersa Apr 27, 2023
15 changes: 10 additions & 5 deletions main.tf
Expand Up @@ -2742,10 +2742,11 @@ module "secrets_store_csi_driver_provider_aws" {
################################################################################

locals {
velero_service_account = try(var.velero.service_account_name, "velero-sa")
velero_name = "velero"
velero_service_account = try(var.velero.service_account_name, "${local.velero_name}-server")
velero_backup_s3_bucket = split(":", var.velero.s3_backup_location)
velero_backup_s3_bucket_arn = try(split("/", var.velero.s3_backup_location)[0], var.velero.s3_backup_location)
velero_backup_s3_bucket_name = try(split("/", local.velero_backup_s3_bucket[5])[1], local.velero_backup_s3_bucket[5])
velero_backup_s3_bucket_name = try(split("/", local.velero_backup_s3_bucket[5])[0], local.velero_backup_s3_bucket[5])
velero_backup_s3_bucket_prefix = try(split("/", var.velero.s3_backup_location)[1], "")
}
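
Review bot: `local.velero_backup_s3_bucket[5]` in `velero_backup_s3_bucket_name` assumes `var.velero.s3_backup_location` is always a full S3 ARN. With a bare bucket name both arguments to `try` index past the end of the `split(":", ...)` list, so Terraform fails with a generic `try` error instead of a message about the expected format. Suggest a `validation` block on the variable that requires the ARN form with an optional `/prefix`. Separately, `split("/", var.velero.s3_backup_location)[1]` in `velero_backup_s3_bucket_prefix` keeps only the first path segment, so a nested prefix such as `a/b` is truncated to `a`; either document that only single-segment prefixes are supported or join the remaining segments.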

Expand Down Expand Up @@ -2784,7 +2785,7 @@ data "aws_iam_policy_document" "velero" {
"s3:ListMultipartUploadParts",
"s3:PutObject",
]
resources = [local.velero_backup_s3_bucket_prefix == "" ? "${var.velero.s3_backup_location}/*" : var.velero.s3_backup_location]
resources = ["${var.velero.s3_backup_location}/*"]
}

statement {
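
Review bot: `"${var.velero.s3_backup_location}/*"` in `resources` becomes `.../prefix//*` when the caller passes a location with a trailing slash, and that pattern does not match keys under `prefix/`, so object actions such as `s3:PutObject` would be denied. Suggest wrapping the value in `trimsuffix(var.velero.s3_backup_location, "/")` before appending `/*`, or stating in the variable description that the value must not end in `/`. The unconditional form is otherwise the tighter one, since the object actions stay scoped to the prefix whenever one is given.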
Expand Down Expand Up @@ -2849,7 +2850,7 @@ module "velero" {
EOT
},
{
name = "serviceAccount.name"
name = "serviceAccount.server.name"
value = local.velero_service_account
},
{
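
Review bot: `value = local.velero_service_account` now resolves to `velero-server` by default instead of `velero-sa` (see the `locals` change above), and nothing in the diff documents that as a behaviour change. Callers who relied on the default get a differently named ServiceAccount on upgrade, so any IAM trust condition or RBAC binding that names the old account stops matching. Suggest a changelog or upgrade note, and a comment next to `serviceAccount.server.name` saying which chart values layout the key targets.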
Expand All @@ -2864,6 +2865,10 @@ module "velero" {
name = "configuration.backupStorageLocation.bucket"
value = local.velero_backup_s3_bucket_name
},
{
name = "configuration.backupStorageLocation.config.region"
value = local.region
},
{
name = "configuration.volumeSnapshotLocation.config.region"
value = local.region
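
Review bot: the new `configuration.backupStorageLocation.config.region` entry hard-wires `local.region`, which assumes the backup bucket lives in the same region as the cluster. A bucket kept in another region for disaster recovery cannot be expressed with this. Suggest an optional override read the same way as the other settings, for example `try(var.velero.s3_backup_region, local.region)` (the attribute name is only a suggestion), and a line in the variable description stating the default.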
Expand All @@ -2877,7 +2882,7 @@ module "velero" {
set_sensitive = try(var.velero.set_sensitive, [])

# IAM role for service account (IRSA)
set_irsa_names = ["serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"]
set_irsa_names = ["serviceAccount.server.annotations.eks\\.amazonaws\\.com/role-arn"]
create_role = try(var.velero.create_role, true)
role_name = try(var.velero.role_name, "velero")
role_name_use_prefix = try(var.velero.role_name_use_prefix, true)
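
Review bot: the `serviceAccount.server` path in `set_irsa_names` is now maintained by hand in two places, here and in the `serviceAccount.server.name` set entry earlier in the module. If one is changed without the other, the role ARN annotation lands on a values path that does not belong to the ServiceAccount being named, and the pod runs without the intended role. Suggest building both keys from one local prefix. As a smaller style point, `role_name = try(var.velero.role_name, "velero")` still hard-codes the string that `local.velero_name` was introduced for; using the local keeps the names in step.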