diff --git a/docs/add-ons/aws-efs-csi-driver.md b/docs/add-ons/aws-efs-csi-driver.md index e9d771126d..051d2e70c9 100644 --- a/docs/add-ons/aws-efs-csi-driver.md +++ b/docs/add-ons/aws-efs-csi-driver.md @@ -52,6 +52,6 @@ The following is configured to ArgoCD App of Apps for this Add-on. ```hcl argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } ``` diff --git a/docs/add-ons/aws-fsx-csi-driver.md b/docs/add-ons/aws-fsx-csi-driver.md index 0c5bb4f899..1b1a4a1d87 100644 --- a/docs/add-ons/aws-fsx-csi-driver.md +++ b/docs/add-ons/aws-fsx-csi-driver.md @@ -57,6 +57,6 @@ The following is configured to ArgoCD App of Apps for this Add-on. ```hcl argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } ``` diff --git a/docs/add-ons/aws-load-balancer-controller.md b/docs/add-ons/aws-load-balancer-controller.md index 42c14e0172..1bee365f98 100644 --- a/docs/add-ons/aws-load-balancer-controller.md +++ b/docs/add-ons/aws-load-balancer-controller.md @@ -17,7 +17,7 @@ You can optionally customize the Helm chart that deploys `aws-lb-ingress-control ```hcl enable_aws_load_balancer_controller = true - # Optional + # Optional aws_load_balancer_controller_helm_config = { name = "aws-load-balancer-controller" chart = "aws-load-balancer-controller" @@ -47,6 +47,6 @@ The following properties are made available for use when managing the add-on via ``` awsLoadBalancerController = { enable = true - serviceAccountName = "" + serviceAccountName = "" } ``` diff --git a/docs/add-ons/cluster-autoscaler.md b/docs/add-ons/cluster-autoscaler.md index 921d319d1d..810dc405a0 100644 --- a/docs/add-ons/cluster-autoscaler.md +++ b/docs/add-ons/cluster-autoscaler.md 
@@ -22,6 +22,6 @@ The following properties are made available for use when managing the add-on via ```hcl clusterAutoscaler = { enable = true - serviceAccountName = "" + serviceAccountName = "" } ``` diff --git a/docs/add-ons/crossplane.md b/docs/add-ons/crossplane.md index 91e1b43c1c..6b86400fe7 100644 --- a/docs/add-ons/crossplane.md +++ b/docs/add-ons/crossplane.md @@ -30,8 +30,8 @@ You can optionally customize the Helm chart that deploys `Crossplane` via the fo version = "1.6.2" namespace = "crossplane-system" values = [templatefile("${path.module}/values.yaml", { - service_account_name = var.service_account_name, - operating_system = "linux" + service_account = var.service_account, + operating_system = "linux" })] } @@ -56,7 +56,7 @@ crossplane_aws_provider = { provider_aws_version = "v0.24.1" # Get the latest version from https://github.com/crossplane/provider-aws additional_irsa_policies = ["arn:aws:iam::aws:policy/AdministratorAccess"] } -``` +``` Config to deploy [Terrajet AWS Provider](https://github.com/crossplane-contrib/provider-jet-aws) ```hcl diff --git a/docs/add-ons/external-dns.md b/docs/add-ons/external-dns.md index a51ccc21a4..19e6752c72 100644 --- a/docs/add-ons/external-dns.md +++ b/docs/add-ons/external-dns.md @@ -47,6 +47,6 @@ The following properties are made available for use when managing the add-on via external_dns = { enable = true zoneFilterIds = local.zone_filter_ids - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } ``` diff --git a/docs/add-ons/karpenter.md b/docs/add-ons/karpenter.md index 7adeaf2805..c7b98dd91e 100644 --- a/docs/add-ons/karpenter.md +++ b/docs/add-ons/karpenter.md 
@@ -26,7 +26,7 @@ You can optionally customize the Helm chart that deploys `Karpenter` via the fol values = [templatefile("${path.module}/values.yaml", { eks_cluster_id = var.eks_cluster_id, eks_cluster_endpoint = var.eks_cluster_endpoint, - service_account_name = var.service_account_name, + service_account = var.service_account, operating_system = "linux" })] } @@ -42,7 +42,7 @@ Refer to [locals.tf](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob ```hcl argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account controllerClusterName = var.eks_cluster_id controllerClusterEndpoint = local.eks_cluster_endpoint awsDefaultInstanceProfile = var.node_iam_instance_profile diff --git a/docs/add-ons/keda.md b/docs/add-ons/keda.md index ae8191c0c3..75b71074c6 100644 --- a/docs/add-ons/keda.md +++ b/docs/add-ons/keda.md @@ -37,6 +37,6 @@ The following properties are made available for use when managing the add-on via ``` keda = { enable = true - serviceAccountName = "" + serviceAccountName = "" } ``` diff --git a/docs/add-ons/kube-state-metrics.md b/docs/add-ons/kube-state-metrics.md index 3fa8df8cb1..6d64b7422e 100644 --- a/docs/add-ons/kube-state-metrics.md +++ b/docs/add-ons/kube-state-metrics.md @@ -37,6 +37,6 @@ The following properties are made available for use when managing the add-on via ```hcl-terraform argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } ``` diff --git a/docs/add-ons/kubernetes-dashboard.md b/docs/add-ons/kubernetes-dashboard.md index 9e92496120..e78cc0f4da 100644 --- a/docs/add-ons/kubernetes-dashboard.md +++ b/docs/add-ons/kubernetes-dashboard.md 
@@ -33,7 +33,7 @@ The following properties are made available for use when managing the add-on via ```hcl-terraform argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } ``` diff --git a/docs/add-ons/nginx.md b/docs/add-ons/nginx.md index 3e67f65337..d5ab3354b5 100644 --- a/docs/add-ons/nginx.md +++ b/docs/add-ons/nginx.md @@ -46,6 +46,6 @@ GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/ ``` hcl argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } ``` diff --git a/docs/add-ons/prometheus.md b/docs/add-ons/prometheus.md index 758135a18e..1673781752 100644 --- a/docs/add-ons/prometheus.md +++ b/docs/add-ons/prometheus.md @@ -49,6 +49,6 @@ prometheus = { enable = true ampWorkspaceUrl = "" roleArn = "" - serviceAccountName = "" + serviceAccountName = "" } ``` diff --git a/modules/kubernetes-addons/appmesh-controller/main.tf b/modules/kubernetes-addons/appmesh-controller/main.tf index 616db88907..285086a643 100644 --- a/modules/kubernetes-addons/appmesh-controller/main.tf +++ b/modules/kubernetes-addons/appmesh-controller/main.tf @@ -38,7 +38,7 @@ module "helm_addon" { create_kubernetes_namespace = true kubernetes_namespace = local.namespace create_kubernetes_service_account = true - kubernetes_service_account = local.name + kubernetes_service_account = try(var.helm_config.service_account, local.name) irsa_iam_policies = concat([aws_iam_policy.this.arn], var.irsa_policies) } diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf b/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf index 029a2eb226..bb8a725169 100644 --- a/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf +++ b/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf 
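Review bot: In modules/kubernetes-addons/appmesh-controller/main.tf the override is applied only to `kubernetes_service_account` in the IRSA settings, and nothing in this hunk passes the same name to the chart. If the chart keeps its own name, a caller who sets `helm_config.service_account` may end up with the IAM role bound to a service account the pods do not run as. The same inline `try(var.helm_config.service_account, local.name)` appears in the grafana, spark-history-server and velero hunks. I would define it once in `locals` as `service_account = try(var.helm_config.service_account, local.name)` and use that local both here and for the chart's `serviceAccount.name` value, as the other add-ons in this commit do. The `module "helm_addon"` block starts and ends outside the hunk, so whether a matching `set_values` entry already exists needs checking there.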
@@ -1,7 +1,7 @@ locals { - name = "aws-cloudwatch-metrics" - namespace = "amazon-cloudwatch" - service_account_name = "cloudwatch-agent" + name = "aws-cloudwatch-metrics" + namespace = "amazon-cloudwatch" + service_account = try(var.helm_config.service_account, "cloudwatch-agent") # https://github.com/aws/eks-charts/blob/master/stable/aws-cloudwatch-metrics/Chart.yaml default_helm_config = { @@ -26,7 +26,7 @@ locals { set_values = [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -36,7 +36,7 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = concat(["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/CloudWatchAgentServerPolicy"], var.irsa_policies) @@ -44,6 +44,6 @@ locals { argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } } diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf b/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf index b66019f95d..3e2a4a1503 100644 --- a/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf +++ b/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf @@ -1,8 +1,9 @@ locals { name = "aws-ebs-csi-driver" - create_irsa = try(var.addon_config.service_account_role_arn == "", true) - namespace = try(var.helm_config.namespace, "kube-system") + create_irsa = try(var.addon_config.service_account_role_arn == "", true) + namespace = try(var.helm_config.namespace, "kube-system") + service_account = try(var.helm_config.service_account, "ebs-csi-controller-sa") } data "aws_eks_addon_version" "this" { 
@@ -63,7 +64,7 @@ module "helm_addon" { create_kubernetes_namespace = try(var.helm_config.create_namespace, false) kubernetes_namespace = local.namespace create_kubernetes_service_account = true - kubernetes_service_account = "ebs-csi-controller-sa" + kubernetes_service_account = local.service_account irsa_iam_policies = concat([aws_iam_policy.aws_ebs_csi_driver[0].arn], lookup(var.helm_config, "additional_iam_policies", [])) } @@ -79,7 +80,7 @@ module "irsa_addon" { create_kubernetes_namespace = false create_kubernetes_service_account = false kubernetes_namespace = local.namespace - kubernetes_service_account = "ebs-csi-controller-sa" + kubernetes_service_account = local.service_account irsa_iam_policies = concat([aws_iam_policy.aws_ebs_csi_driver[0].arn], lookup(var.addon_config, "additional_iam_policies", [])) irsa_iam_role_path = var.addon_context.irsa_iam_role_path irsa_iam_permissions_boundary = var.addon_context.irsa_iam_permissions_boundary diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/main.tf b/modules/kubernetes-addons/aws-efs-csi-driver/main.tf index 7c6c60e232..c87f9c8255 100644 --- a/modules/kubernetes-addons/aws-efs-csi-driver/main.tf +++ b/modules/kubernetes-addons/aws-efs-csi-driver/main.tf @@ -1,7 +1,7 @@ locals { - name = try(var.helm_config.name, "aws-efs-csi-driver") - namespace = try(var.helm_config.namespace, "kube-system") - service_account_name = "${local.name}-sa" + name = try(var.helm_config.name, "aws-efs-csi-driver") + namespace = try(var.helm_config.namespace, "kube-system") + service_account = try(var.helm_config.service_account, "${local.name}-sa") } module "helm_addon" { 
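Review bot: In modules/kubernetes-addons/aws-ebs-csi-driver/main.tf the `module "irsa_addon"` hunk now takes its service account from `local.service_account`, which is read from `var.helm_config`, while the other caller-supplied input in that block comes from `var.addon_config` and `create_kubernetes_service_account` is `false`. That block does not create the account, so the name bound to the role has to match whatever does create it. A `helm_config.service_account` override would presumably leave the role tied to a name that is never used on this path. I would keep `kubernetes_service_account = "ebs-csi-controller-sa"` in `irsa_addon` and use the local only in `helm_addon`. Both module blocks extend beyond their hunks.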
@@ -23,7 +23,7 @@ module "helm_addon" { irsa_config = { kubernetes_namespace = local.namespace - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(var.helm_config.create_namespace, false) create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.aws_efs_csi_driver.arn], var.irsa_policies) @@ -32,7 +32,7 @@ module "helm_addon" { set_values = [ { name = "controller.serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "controller.serviceAccount.create" @@ -40,7 +40,7 @@ module "helm_addon" { }, { name = "node.serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "node.serviceAccount.create" diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf b/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf index 4bfbd5e242..b1934d91fa 100644 --- a/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf +++ b/modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf @@ -2,7 +2,7 @@ output "argocd_gitops_config" { description = "Configuration used for managing the add-on with ArgoCD" value = var.manage_via_gitops ? { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } : null } diff --git a/modules/kubernetes-addons/aws-for-fluentbit/locals.tf b/modules/kubernetes-addons/aws-for-fluentbit/locals.tf index 5435de737e..48d9f4812c 100644 --- a/modules/kubernetes-addons/aws-for-fluentbit/locals.tf +++ b/modules/kubernetes-addons/aws-for-fluentbit/locals.tf 
@@ -1,12 +1,12 @@ locals { - name = "aws-for-fluent-bit" - log_group_name = var.cw_log_group_name == null ? "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs" : var.cw_log_group_name - service_account_name = "${local.name}-sa" + name = "aws-for-fluent-bit" + log_group_name = var.cw_log_group_name == null ? "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs" : var.cw_log_group_name + service_account = try(var.helm_config.service_account, "${local.name}-sa") set_values = [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -31,20 +31,20 @@ locals { ) default_helm_values = [templatefile("${path.module}/values.yaml", { - aws_region = var.addon_context.aws_region_name, - log_group_name = local.log_group_name, - service_account_name = local.service_account_name + aws_region = var.addon_context.aws_region_name, + log_group_name = local.log_group_name, + service_account = local.service_account })] argocd_gitops_config = { enable = true logGroupName = local.log_group_name - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.aws_for_fluent_bit.arn], var.irsa_policies) diff --git a/modules/kubernetes-addons/aws-for-fluentbit/values.yaml b/modules/kubernetes-addons/aws-for-fluentbit/values.yaml index d5cc255d18..8cbdc20761 100644 --- a/modules/kubernetes-addons/aws-for-fluentbit/values.yaml +++ b/modules/kubernetes-addons/aws-for-fluentbit/values.yaml @@ -1,6 +1,6 @@ serviceAccount: create: false - name: ${service_account_name} + name: ${service_account} cloudWatch: enabled: true 
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf index 6e0f4eaf82..8529d45aff 100644 --- a/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf +++ b/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf @@ -1,7 +1,7 @@ locals { - name = "aws-fsx-csi-driver" - service_account_name = "fsx-csi-sa" - namespace = "kube-system" + name = "aws-fsx-csi-driver" + service_account = try(var.helm_config.service_account, "fsx-csi-sa") + namespace = "kube-system" # https://github.com/kubernetes-sigs/aws-fsx-csi-driver/blob/master/charts/aws-fsx-csi-driver/Chart.yaml default_helm_config = { @@ -18,7 +18,7 @@ locals { set_values = [ { name = "controller.serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "controller.serviceAccount.create" @@ -26,7 +26,7 @@ locals { }, { name = "node.serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "node.serviceAccount.create" @@ -36,7 +36,7 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.aws_fsx_csi_driver.arn], var.irsa_policies) @@ -45,6 +45,6 @@ locals { argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } } diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/README.md b/modules/kubernetes-addons/aws-load-balancer-controller/README.md index 644c09bc97..09fa95fe92 100644 --- a/modules/kubernetes-addons/aws-load-balancer-controller/README.md +++ b/modules/kubernetes-addons/aws-load-balancer-controller/README.md 
@@ -62,7 +62,7 @@ If the IAM role is too long, override the service account name in the `helm_conf ```hcl enable_aws_load_balancer_controller = true aws_load_balancer_controller_helm_config = { - service_account_name = "aws-lb-sa" + service_account = "aws-lb-sa" } ``` diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf b/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf index 281a549c27..8be2238d3a 100644 --- a/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf +++ b/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf @@ -1,6 +1,6 @@ locals { - name = "aws-load-balancer-controller" - service_account_name = try(var.helm_config["service_account_name"], "${local.name}-sa") + name = "aws-load-balancer-controller" + service_account = try(var.helm_config.service_account, "${local.name}-sa") # https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml default_helm_config = { @@ -28,7 +28,7 @@ locals { [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -40,12 +40,12 @@ locals { argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = [aws_iam_policy.aws_load_balancer_controller.arn] diff --git a/modules/kubernetes-addons/aws-node-termination-handler/locals.tf b/modules/kubernetes-addons/aws-node-termination-handler/locals.tf index e8dc9b5a7a..d13734a0a7 100644 --- a/modules/kubernetes-addons/aws-node-termination-handler/locals.tf 
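Review bot: In modules/kubernetes-addons/aws-load-balancer-controller/locals.tf the lookup key changes from `service_account_name` to `service_account`, and because `try()` swallows the missing attribute, a caller still passing the old key silently falls back to `"${local.name}-sa"`. That changes the name handed to `irsa_config` and `serviceAccount.name` on the next apply and brings back the long-role-name case the README describes, with no error pointing at the cause. A transitional fallback keeps existing configurations working: `service_account = try(var.helm_config.service_account, var.helm_config.service_account_name, "${local.name}-sa")`. The `locals` block continues past the hunk.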
+++ b/modules/kubernetes-addons/aws-node-termination-handler/locals.tf @@ -1,7 +1,7 @@ locals { - namespace = "kube-system" - name = "aws-node-termination-handler" - service_account_name = "${local.name}-sa" + namespace = "kube-system" + name = "aws-node-termination-handler" + service_account = try(var.helm_config.service_account, "${local.name}-sa") # https://github.com/aws/eks-charts/blob/master/stable/aws-node-termination-handler/Chart.yaml default_helm_config = { @@ -26,7 +26,7 @@ locals { set_values = [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -39,7 +39,7 @@ locals { irsa_config = { kubernetes_namespace = local.namespace - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = false create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.aws_node_termination_handler_irsa.arn], var.irsa_policies) diff --git a/modules/kubernetes-addons/aws-privateca-issuer/locals.tf b/modules/kubernetes-addons/aws-privateca-issuer/locals.tf index 893f84e255..2405511752 100644 --- a/modules/kubernetes-addons/aws-privateca-issuer/locals.tf +++ b/modules/kubernetes-addons/aws-privateca-issuer/locals.tf @@ -1,6 +1,6 @@ locals { - name = "aws-privateca-issuer" - service_account_name = "${local.name}-sa" + name = "aws-privateca-issuer" + service_account = try(var.helm_config.service_account, "${local.name}-sa") # https://github.com/cert-manager/aws-privateca-issuer/blob/main/charts/aws-pca-issuer/Chart.yaml default_helm_config = { @@ -24,7 +24,7 @@ locals { }, { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account } ] 
@@ -32,12 +32,12 @@ locals { create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) kubernetes_namespace = local.helm_config["namespace"] create_kubernetes_service_account = true - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account irsa_iam_policies = concat([aws_iam_policy.aws_privateca_issuer.arn], var.irsa_policies) } argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } } diff --git a/modules/kubernetes-addons/cert-manager/locals.tf b/modules/kubernetes-addons/cert-manager/locals.tf index 5986640382..8ff435d3b1 100644 --- a/modules/kubernetes-addons/cert-manager/locals.tf +++ b/modules/kubernetes-addons/cert-manager/locals.tf @@ -1,6 +1,6 @@ locals { - name = "cert-manager" - service_account_name = "cert-manager" # AWS PrivateCA is expecting the service account name as `cert-manager` + name = "cert-manager" + service_account = "cert-manager" # AWS PrivateCA is expecting the service account name as `cert-manager` # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/Chart.template.yaml default_helm_config = { @@ -24,7 +24,7 @@ locals { [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -36,7 +36,7 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true kubernetes_svc_image_pull_secrets = var.kubernetes_svc_image_pull_secrets @@ -45,6 +45,6 @@ locals { argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } } 
diff --git a/modules/kubernetes-addons/cluster-autoscaler/main.tf b/modules/kubernetes-addons/cluster-autoscaler/main.tf index fdea6f927a..69538af779 100644 --- a/modules/kubernetes-addons/cluster-autoscaler/main.tf +++ b/modules/kubernetes-addons/cluster-autoscaler/main.tf @@ -1,7 +1,7 @@ locals { name = try(var.helm_config.name, "cluster-autoscaler") namespace = try(var.helm_config.namespace, "kube-system") - service_account = "${local.name}-sa" + service_account = try(var.helm_config.service_account, "${local.name}-sa") } module "helm_addon" { diff --git a/modules/kubernetes-addons/crossplane/locals.tf b/modules/kubernetes-addons/crossplane/locals.tf index 710387f664..dcb90ed620 100644 --- a/modules/kubernetes-addons/crossplane/locals.tf +++ b/modules/kubernetes-addons/crossplane/locals.tf @@ -23,7 +23,7 @@ locals { aws_provider_sa = "aws-provider" jet_aws_provider_sa = "jet-aws-provider" - kubernetes_provider_sa = "kubernetes-provider" + kubernetes_provider_sa = try(var.helm_config.service_account, "kubernetes-provider") aws_current_account_id = var.account_id aws_current_partition = var.aws_partition } diff --git a/modules/kubernetes-addons/external-dns/main.tf b/modules/kubernetes-addons/external-dns/main.tf index d7a9483d92..7234d313af 100644 --- a/modules/kubernetes-addons/external-dns/main.tf +++ b/modules/kubernetes-addons/external-dns/main.tf @@ -1,10 +1,10 @@ locals { - name = try(var.helm_config.name, "external-dns") - service_account_name = "${local.name}-sa" + name = try(var.helm_config.name, "external-dns") + service_account = try(var.helm_config.service_account, "${local.name}-sa") argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } } @@ -35,7 +35,7 @@ module "helm_addon" { [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" 
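Review bot: In modules/kubernetes-addons/crossplane/locals.tf only `kubernetes_provider_sa` reads `var.helm_config.service_account`, while `aws_provider_sa` and `jet_aws_provider_sa` next to it stay literals. `helm_config` looks like the configuration of the Crossplane chart itself (the docs hunk passes `service_account` into its `values.yaml`), so one key would then name both the chart's account and the Kubernetes provider's account; please confirm that is intended. If it is not, keep `kubernetes_provider_sa = "kubernetes-provider"` and add a comment such as `# provider service accounts are fixed; helm_config.service_account applies to the core chart only`. The `locals` block starts outside the hunk.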
@@ -49,7 +49,7 @@ module "helm_addon" { create_kubernetes_namespace = try(var.helm_config.create_namespace, true) kubernetes_namespace = try(var.helm_config.namespace, local.name) create_kubernetes_service_account = true - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account irsa_iam_policies = concat([aws_iam_policy.external_dns.arn], var.irsa_policies) } diff --git a/modules/kubernetes-addons/external-secrets/locals.tf b/modules/kubernetes-addons/external-secrets/locals.tf index 17cdcaca4b..9eca243ca3 100644 --- a/modules/kubernetes-addons/external-secrets/locals.tf +++ b/modules/kubernetes-addons/external-secrets/locals.tf @@ -1,6 +1,6 @@ locals { - name = "external-secrets" - service_account_name = "${local.name}-sa" + name = "external-secrets" + service_account = try(var.helm_config.service_account, "${local.name}-sa") # https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/Chart.yaml helm_config = merge( @@ -18,7 +18,7 @@ locals { set_values = [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -26,7 +26,7 @@ locals { }, { name = "webhook.serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "webhook.serviceAccount.create" @@ -34,7 +34,7 @@ locals { }, { name = "certController.serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "certController.serviceAccount.create" @@ -44,7 +44,7 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.external_secrets.arn], var.irsa_policies) 
@@ -52,6 +52,6 @@ locals { argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } } diff --git a/modules/kubernetes-addons/grafana/locals.tf b/modules/kubernetes-addons/grafana/locals.tf index 6e8da844c8..420a50e48e 100644 --- a/modules/kubernetes-addons/grafana/locals.tf +++ b/modules/kubernetes-addons/grafana/locals.tf @@ -35,8 +35,8 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.name - create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) + kubernetes_service_account = try(var.helm_config.service_account, local.name) + create_kubernetes_namespace = try(local.helm_config.create_namespace, true) create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.grafana.arn], var.irsa_policies) } diff --git a/modules/kubernetes-addons/karpenter/locals.tf b/modules/kubernetes-addons/karpenter/locals.tf index eeda15a5cb..9172d5aa28 100644 --- a/modules/kubernetes-addons/karpenter/locals.tf +++ b/modules/kubernetes-addons/karpenter/locals.tf @@ -1,9 +1,9 @@ locals { - name = "karpenter" - service_account_name = "karpenter" + name = "karpenter" + service_account = try(var.helm_config.service_account, "karpenter") set_values = [{ name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -34,7 +34,7 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.karpenter.arn], var.irsa_policies) 
@@ -42,7 +42,7 @@ locals { argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account controllerClusterEndpoint = var.addon_context.aws_eks_cluster_endpoint awsDefaultInstanceProfile = var.node_iam_instance_profile } diff --git a/modules/kubernetes-addons/keda/locals.tf b/modules/kubernetes-addons/keda/locals.tf index 0e9587985f..f4dfb9d63f 100644 --- a/modules/kubernetes-addons/keda/locals.tf +++ b/modules/kubernetes-addons/keda/locals.tf @@ -1,6 +1,6 @@ locals { - name = "keda" - service_account_name = "keda-operator-sa" + name = "keda" + service_account = try(var.helm_config.service_account, "keda-operator-sa") # https://github.com/kedacore/charts/blob/main/keda/Chart.yaml helm_config = merge( @@ -18,7 +18,7 @@ locals { set_values = [ { name = "serviceAccount.name" - value = local.service_account_name + value = local.service_account }, { name = "serviceAccount.create" @@ -28,7 +28,7 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.service_account_name + kubernetes_service_account = local.service_account create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = concat([aws_iam_policy.keda_irsa.arn], var.irsa_policies) @@ -36,6 +36,6 @@ locals { argocd_gitops_config = { enable = true - serviceAccountName = local.service_account_name + serviceAccountName = local.service_account } } diff --git a/modules/kubernetes-addons/spark-history-server/locals.tf b/modules/kubernetes-addons/spark-history-server/locals.tf index bef17020f3..f8b8b5fce0 100644 --- a/modules/kubernetes-addons/spark-history-server/locals.tf +++ b/modules/kubernetes-addons/spark-history-server/locals.tf 
@@ -28,7 +28,7 @@ locals { irsa_config = { kubernetes_namespace = local.helm_config["namespace"] - kubernetes_service_account = local.name + kubernetes_service_account = try(var.helm_config.service_account, local.name) create_kubernetes_namespace = try(local.helm_config["create_namespace"], true) create_kubernetes_service_account = true irsa_iam_policies = length(var.irsa_policies) > 0 ? var.irsa_policies : ["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/AmazonS3ReadOnlyAccess"] diff --git a/modules/kubernetes-addons/velero/main.tf b/modules/kubernetes-addons/velero/main.tf index bb79415c11..7dd9848643 100644 --- a/modules/kubernetes-addons/velero/main.tf +++ b/modules/kubernetes-addons/velero/main.tf @@ -45,7 +45,7 @@ module "helm_addon" { kubernetes_namespace = local.namespace create_kubernetes_service_account = true - kubernetes_service_account = try(var.helm_config.namespace, local.name) + kubernetes_service_account = try(var.helm_config.service_account, local.name) irsa_iam_policies = concat([aws_iam_policy.velero.arn], var.irsa_policies) }