feat: Added the variable create_policy to allow users to create their own policy #393

Closed

@markoskandylis markoskandylis commented May 15, 2024

What does this PR do?

This is an enhancement, adding the create_policy variable to allow users to create and use their own policies. A function already exists in the addon module.

🛑 Please open an issue first to discuss any significant work and flesh out details/direction - we would hate for your time to be wasted.
Consult the CONTRIBUTING guide for submitting pull-requests.

Added the variable create_policy (true or false) for the following modules:

  • aws_efs_csi_driver
  • aws_for_fluentbit
  • aws_fsx_csi_driver
  • aws_privateca_issuer
  • aws_load_balancer_controller
  • aws_gateway_api_controller
  • cluster_proportional_autoscaler
  • external_secrets
  • velero

This will allow the users to attach their own policy without creating the preexisting one.

Motivation

I want to have the ability to allow the module to create the role but create my own policy.

Example usage:

module "eks_blueprints_addons" {
  source  = "aws-ia/eks-blueprints-addons/aws"
  version = "~> 1.16"

  cluster_name      = module.eks.cluster_name
  cluster_endpoint  = module.eks.cluster_endpoint
  cluster_version   = module.eks.cluster_version
  oidc_provider_arn = module.eks.oidc_provider_arn

  # Using GitOps Bridge
  create_kubernetes_resources = false

  external_secrets = {
    create_policy = false
    role_policies = {
      external_secreat_policy = aws_iam_policy.external_secrets_irsa_policy.arn
    }
  }

  # EKS Blueprints Addons
  enable_cert_manager                 = local.aws_addons.enable_cert_manager
  enable_aws_efs_csi_driver           = local.aws_addons.enable_aws_efs_csi_driver
  enable_aws_fsx_csi_driver           = local.aws_addons.enable_aws_fsx_csi_driver
  enable_aws_cloudwatch_metrics       = local.aws_addons.enable_aws_cloudwatch_metrics
  enable_aws_privateca_issuer         = local.aws_addons.enable_aws_privateca_issuer
  enable_cluster_autoscaler           = local.aws_addons.enable_cluster_autoscaler
  enable_external_dns                 = local.aws_addons.enable_external_dns
  enable_external_secrets             = local.aws_addons.enable_external_secrets
  enable_aws_load_balancer_controller = local.aws_addons.enable_aws_load_balancer_controller
  enable_fargate_fluentbit            = local.aws_addons.enable_fargate_fluentbit
  enable_aws_for_fluentbit            = local.aws_addons.enable_aws_for_fluentbit
  enable_aws_node_termination_handler = local.aws_addons.enable_aws_node_termination_handler
  enable_karpenter                    = local.aws_addons.enable_karpenter
  enable_velero                       = local.aws_addons.enable_velero
  enable_aws_gateway_api_controller   = local.aws_addons.enable_aws_gateway_api_controller

  tags = local.tags
}

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Yes, I ran pre-commit run -a with this PR

For Moderators

  • [] E2E Test successfully complete before merge?

Additional Notes

@markoskandylis markoskandylis requested a review from a team as a code owner May 15, 2024 10:21
@markoskandylis markoskandylis changed the title Added the variable create_policy to allow users to create their own policy feat: Added the variable create_policy to allow users to create their own policy May 15, 2024
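
The example usage in the description references aws_iam_policy.external_secrets_irsa_policy without defining it. The following is an added example, not code from this PR or from the module, of a least-privilege policy that could sit behind that reference when create_policy = false skips the module's built-in policy. The "app/" secret-name prefix, the local and data source names, and the KMS scoping are assumptions.

```hcl
# Added example (not from the PR): a customer-managed policy for the
# external-secrets IRSA role, scoped to one secret-name prefix.
data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

locals {
  # Assumption: only secrets named "app/..." should be readable by the addon.
  external_secrets_prefix = "app/"

  # Common ARN stem: arn:<partition>:<service>:<region>:<account>
  arn_scope = "${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
}

data "aws_iam_policy_document" "external_secrets_irsa" {
  # Read access limited to the prefix, instead of a wildcard over all secrets.
  statement {
    sid    = "ReadPrefixedSecrets"
    effect = "Allow"
    actions = [
      "secretsmanager:GetSecretValue",
      "secretsmanager:DescribeSecret",
      "secretsmanager:ListSecretVersionIds",
    ]
    resources = [
      "arn:${data.aws_partition.current.partition}:secretsmanager:${local.arn_scope}:secret:${local.external_secrets_prefix}*",
    ]
  }

  # Decrypt only when the call is made through Secrets Manager in this region,
  # so the role cannot use the keys directly against other ciphertext.
  statement {
    sid       = "DecryptViaSecretsManager"
    effect    = "Allow"
    actions   = ["kms:Decrypt"]
    resources = ["arn:${data.aws_partition.current.partition}:kms:${local.arn_scope}:key/*"]

    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["secretsmanager.${data.aws_region.current.name}.amazonaws.com"]
    }
  }
}

resource "aws_iam_policy" "external_secrets_irsa_policy" {
  name_prefix = "external-secrets-irsa-"
  description = "Scoped read access for the external-secrets IRSA role"
  policy      = data.aws_iam_policy_document.external_secrets_irsa.json
}
```

With the built-in policy skipped, this document is the only grant on the role, so any action or resource wildcard added here widens what the external-secrets service account can read.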
@bryantbiggs
Contributor

see #394 (comment)

Successfully merging this pull request may close these issues.

Add the create_policy variable to allow users attach their own policy