feat: Add permissions for S3 write on FluentBit addons; add dependency on EKS addon for generic helm_releases
#203
Conversation
…y on EKS addon for generic `helm_releases`
| resources = [ | ||
| "arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}:log-stream:*", | ||
| ] | ||
| dynamic "statement" { |
There was a problem hiding this comment.
changing these blocks to be dynamic is not a breaking change, it will not show up in a diff for users. That only occurs at the resource level
| enable_fargate_fluentbit = true | ||
| enable_aws_for_fluentbit = true | ||
| aws_for_fluentbit = { |
There was a problem hiding this comment.
somewhat contrived since in order for this to actually send logs to S3, the values output would need to be updated for S3. But, it does test and validate the permission change works as intended
Ref: #118
| @@ -68,4 +68,9 @@ resource "helm_release" "this" { | |||
| type = try(set_sensitive.value.type, null) | |||
| } | |||
| } | |||
|
|
|||
| depends_on = [ | |||
| # Wait for EBS CSI, etc. to be installed first | |||
There was a problem hiding this comment.
What if EBS CSI is not enabled?
There was a problem hiding this comment.
nothing in particular. If no addons are passed in via eks_addons then it will just treat it as a no-op. If any addons are passed in (kube-proxy, VPC CNI, etc.) then it will ensure those are provisioned before the helm_releases which should be what we want for 99% of the time.
What does this PR do?
helm_releasesMotivation
helm_releaseswhich requires EBS CSI and it failed since the CSI driver wasn't ready in timeMore
pre-commit run -awith this PRFor Moderators
Additional Notes