-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add permissions for S3 write on FluentBit addons; add dependency on EKS addon for generic helm_releases
#203
Conversation
…y on EKS addon for generic `helm_releases`
resources = [ | ||
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}:log-stream:*", | ||
] | ||
dynamic "statement" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changing these blocks to be dynamic is not a breaking change, it will not show up in a diff for users. That only occurs at the resource level
enable_fargate_fluentbit = true | ||
enable_aws_for_fluentbit = true | ||
aws_for_fluentbit = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
somewhat contrived since in order for this to actually send logs to S3, the values output would need to be updated for S3. But, it does test and validate the permission change works as intended
Ref: #118
@@ -68,4 +68,9 @@ resource "helm_release" "this" { | |||
type = try(set_sensitive.value.type, null) | |||
} | |||
} | |||
|
|||
depends_on = [ | |||
# Wait for EBS CSI, etc. to be installed first |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if EBS CSI is not enabled?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nothing in particular. If no addons are passed in via eks_addons
then it will just treat it as a no-op. If any addons are passed in (kube-proxy, VPC CNI, etc.) then it will ensure those are provisioned before the helm_releases
which should be what we want for 99% of the time.
What does this PR do?
helm_releases
Motivation
helm_releases
which requires EBS CSI and it failed since the CSI driver wasn't ready in timeMore
pre-commit run -a
with this PRFor Moderators
Additional Notes