feat: Allow overriding service-account-name #1193

Merged
merged 2 commits into from
Nov 19, 2022
2 changes: 1 addition & 1 deletion docs/add-ons/aws-efs-csi-driver.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,6 @@ The following is configured to ArgoCD App of Apps for this Add-on.
```hcl
argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
```
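Review bot: Missing documentation on this page: the example only renames the local on the `serviceAccountName` line, but the `service_account` key that the module change in this PR starts reading from `helm_config` (`try(var.helm_config.service_account, "${local.name}-sa")` in aws-efs-csi-driver/main.tf) is not described. Add a short `helm_config` snippet showing the override and its default, the way the aws-load-balancer-controller README does with `service_account = "aws-lb-sa"`.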
2 changes: 1 addition & 1 deletion docs/add-ons/aws-fsx-csi-driver.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,6 @@ The following is configured to ArgoCD App of Apps for this Add-on.
```hcl
argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
```
4 changes: 2 additions & 2 deletions docs/add-ons/aws-load-balancer-controller.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ You can optionally customize the Helm chart that deploys `aws-lb-ingress-control

```hcl
enable_aws_load_balancer_controller = true
# Optional
# Optional
aws_load_balancer_controller_helm_config = {
name = "aws-load-balancer-controller"
chart = "aws-load-balancer-controller"
Expand Down Expand Up @@ -47,6 +47,6 @@ The following properties are made available for use when managing the add-on via
```
awsLoadBalancerController = {
enable = true
serviceAccountName = "<service_account_name>"
serviceAccountName = "<service_account>"
}
```
2 changes: 1 addition & 1 deletion docs/add-ons/cluster-autoscaler.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,6 @@ The following properties are made available for use when managing the add-on via
```hcl
clusterAutoscaler = {
enable = true
serviceAccountName = "<service_account_name>"
serviceAccountName = "<service_account>"
}
```
6 changes: 3 additions & 3 deletions docs/add-ons/crossplane.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ You can optionally customize the Helm chart that deploys `Crossplane` via the fo
version = "1.6.2"
namespace = "crossplane-system"
values = [templatefile("${path.module}/values.yaml", {
service_account_name = var.service_account_name,
operating_system = "linux"
service_account = var.service_account,
operating_system = "linux"
})]
}

Expand All @@ -56,7 +56,7 @@ crossplane_aws_provider = {
provider_aws_version = "v0.24.1" # Get the latest version from https://github.com/crossplane/provider-aws
additional_irsa_policies = ["arn:aws:iam::aws:policy/AdministratorAccess"]
}
```
```

Config to deploy [Terrajet AWS Provider](https://github.com/crossplane-contrib/provider-jet-aws)
```hcl
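Review bot: The `additional_irsa_policies` context line at the top of this hunk attaches `arn:aws:iam::aws:policy/AdministratorAccess` to the provider's IRSA role, and readers tend to copy documentation examples as written. The only change here is whitespace on the closing fence, but since the file is being touched, consider replacing the ARN with a placeholder for a scoped policy and adding a sentence that the provider role should carry only the permissions for the resources Crossplane manages.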
2 changes: 1 addition & 1 deletion docs/add-ons/external-dns.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,6 @@ The following properties are made available for use when managing the add-on via
external_dns = {
enable = true
zoneFilterIds = local.zone_filter_ids
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
```
4 changes: 2 additions & 2 deletions docs/add-ons/karpenter.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ You can optionally customize the Helm chart that deploys `Karpenter` via the fol
values = [templatefile("${path.module}/values.yaml", {
eks_cluster_id = var.eks_cluster_id,
eks_cluster_endpoint = var.eks_cluster_endpoint,
service_account_name = var.service_account_name,
service_account = var.service_account,
operating_system = "linux"
})]
}
Expand All @@ -42,7 +42,7 @@ Refer to [locals.tf](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob
```hcl
argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
controllerClusterName = var.eks_cluster_id
controllerClusterEndpoint = local.eks_cluster_endpoint
awsDefaultInstanceProfile = var.node_iam_instance_profile
2 changes: 1 addition & 1 deletion docs/add-ons/keda.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,6 @@ The following properties are made available for use when managing the add-on via
```
keda = {
enable = true
serviceAccountName = "<service_account_name>"
serviceAccountName = "<service_account>"
}
```
2 changes: 1 addition & 1 deletion docs/add-ons/kube-state-metrics.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,6 @@ The following properties are made available for use when managing the add-on via
```hcl-terraform
argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
```
2 changes: 1 addition & 1 deletion docs/add-ons/kubernetes-dashboard.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ The following properties are made available for use when managing the add-on via
```hcl-terraform
argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
```

2 changes: 1 addition & 1 deletion docs/add-ons/nginx.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,6 @@ GitOps with ArgoCD Add-on repo is located [here](https://github.com/aws-samples/
``` hcl
argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
```
2 changes: 1 addition & 1 deletion docs/add-ons/prometheus.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,6 @@ prometheus = {
enable = true
ampWorkspaceUrl = "<workspace_url>"
roleArn = "<role_arn>"
serviceAccountName = "<service_account_name>"
serviceAccountName = "<service_account>"
}
```
2 changes: 1 addition & 1 deletion modules/kubernetes-addons/appmesh-controller/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ module "helm_addon" {
create_kubernetes_namespace = true
kubernetes_namespace = local.namespace
create_kubernetes_service_account = true
kubernetes_service_account = local.name
kubernetes_service_account = try(var.helm_config.service_account, local.name)
irsa_iam_policies = concat([aws_iam_policy.this.arn], var.irsa_policies)
}
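Review bot: On the `kubernetes_service_account` line the override reaches only the IRSA configuration; nothing visible in this hunk passes the same value to the chart's service account setting. The aws-cloudwatch-metrics and aws-efs-csi-driver modules in this PR feed one local into both `set_values` and `irsa_config`, which keeps the account the module creates and the account the pods run as from diverging. Confirm the same wiring exists here, and consider hoisting the `try(...)` into a `service_account` local so this module follows the pattern used in the others.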

12 changes: 6 additions & 6 deletions modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
locals {
name = "aws-cloudwatch-metrics"
namespace = "amazon-cloudwatch"
service_account_name = "cloudwatch-agent"
name = "aws-cloudwatch-metrics"
namespace = "amazon-cloudwatch"
service_account = try(var.helm_config.service_account, "cloudwatch-agent")

# https://github.com/aws/eks-charts/blob/master/stable/aws-cloudwatch-metrics/Chart.yaml
default_helm_config = {
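Review bot: `try(var.helm_config.service_account, "cloudwatch-agent")` falls back only when the attribute lookup errors, so a caller who passes `service_account = null` or `""` gets that value through to `serviceAccount.name` and `kubernetes_service_account` instead of the default. Wrapping it as `coalesce(try(var.helm_config.service_account, null), "cloudwatch-agent")` covers both cases. The same applies to every other `try(var.helm_config.service_account, ...)` added in this PR.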
Expand All @@ -26,7 +26,7 @@ locals {
set_values = [
{
name = "serviceAccount.name"
value = local.service_account_name
value = local.service_account
},
{
name = "serviceAccount.create"
Expand All @@ -36,14 +36,14 @@ locals {

irsa_config = {
kubernetes_namespace = local.helm_config["namespace"]
kubernetes_service_account = local.service_account_name
kubernetes_service_account = local.service_account
create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
create_kubernetes_service_account = true
irsa_iam_policies = concat(["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/CloudWatchAgentServerPolicy"], var.irsa_policies)
}

argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
}
9 changes: 5 additions & 4 deletions modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
locals {
name = "aws-ebs-csi-driver"

create_irsa = try(var.addon_config.service_account_role_arn == "", true)
namespace = try(var.helm_config.namespace, "kube-system")
create_irsa = try(var.addon_config.service_account_role_arn == "", true)
namespace = try(var.helm_config.namespace, "kube-system")
service_account = try(var.helm_config.service_account, "ebs-csi-controller-sa")
}

data "aws_eks_addon_version" "this" {
Expand Down Expand Up @@ -63,7 +64,7 @@ module "helm_addon" {
create_kubernetes_namespace = try(var.helm_config.create_namespace, false)
kubernetes_namespace = local.namespace
create_kubernetes_service_account = true
kubernetes_service_account = "ebs-csi-controller-sa"
kubernetes_service_account = local.service_account
irsa_iam_policies = concat([aws_iam_policy.aws_ebs_csi_driver[0].arn], lookup(var.helm_config, "additional_iam_policies", []))
}

Expand All @@ -79,7 +80,7 @@ module "irsa_addon" {
create_kubernetes_namespace = false
create_kubernetes_service_account = false
kubernetes_namespace = local.namespace
kubernetes_service_account = "ebs-csi-controller-sa"
kubernetes_service_account = local.service_account
irsa_iam_policies = concat([aws_iam_policy.aws_ebs_csi_driver[0].arn], lookup(var.addon_config, "additional_iam_policies", []))
irsa_iam_role_path = var.addon_context.irsa_iam_role_path
irsa_iam_permissions_boundary = var.addon_context.irsa_iam_permissions_boundary
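Review bot: `kubernetes_service_account = local.service_account` in `irsa_addon` takes its value from `var.helm_config.service_account`, while the rest of this block reads `var.addon_config` (`additional_iam_policies` here, `service_account_role_arn` for `create_irsa` in the locals). With `create_kubernetes_service_account = false` this path does not create the account, so an override intended for the Helm path would bind the IRSA role to a name that nothing in this block creates. Either read the override for this block from `var.addon_config`, or keep the fixed `"ebs-csi-controller-sa"` here and limit the override to `helm_addon`.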
12 changes: 6 additions & 6 deletions modules/kubernetes-addons/aws-efs-csi-driver/main.tf
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
locals {
name = try(var.helm_config.name, "aws-efs-csi-driver")
namespace = try(var.helm_config.namespace, "kube-system")
service_account_name = "${local.name}-sa"
name = try(var.helm_config.name, "aws-efs-csi-driver")
namespace = try(var.helm_config.namespace, "kube-system")
service_account = try(var.helm_config.service_account, "${local.name}-sa")
}

module "helm_addon" {
Expand All @@ -23,7 +23,7 @@ module "helm_addon" {

irsa_config = {
kubernetes_namespace = local.namespace
kubernetes_service_account = local.service_account_name
kubernetes_service_account = local.service_account
create_kubernetes_namespace = try(var.helm_config.create_namespace, false)
create_kubernetes_service_account = true
irsa_iam_policies = concat([aws_iam_policy.aws_efs_csi_driver.arn], var.irsa_policies)
Expand All @@ -32,15 +32,15 @@ module "helm_addon" {
set_values = [
{
name = "controller.serviceAccount.name"
value = local.service_account_name
value = local.service_account
},
{
name = "controller.serviceAccount.create"
value = false
},
{
name = "node.serviceAccount.name"
value = local.service_account_name
value = local.service_account
},
{
name = "node.serviceAccount.create"
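Review bot: `controller.serviceAccount.name` and `node.serviceAccount.name` both receive `local.service_account`, so the single override keeps the node pods on the same service account as the controller, and with it the same `irsa_iam_policies` set in `irsa_config` above. Since this PR is opening the name up for configuration, consider a separate optional key for the node account so that the node side can run without the controller's IAM role.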
2 changes: 1 addition & 1 deletion modules/kubernetes-addons/aws-efs-csi-driver/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ output "argocd_gitops_config" {
description = "Configuration used for managing the add-on with ArgoCD"
value = var.manage_via_gitops ? {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
} : null
}

18 changes: 9 additions & 9 deletions modules/kubernetes-addons/aws-for-fluentbit/locals.tf
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
locals {
name = "aws-for-fluent-bit"
log_group_name = var.cw_log_group_name == null ? "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs" : var.cw_log_group_name
service_account_name = "${local.name}-sa"
name = "aws-for-fluent-bit"
log_group_name = var.cw_log_group_name == null ? "/${var.addon_context.eks_cluster_id}/worker-fluentbit-logs" : var.cw_log_group_name
service_account = try(var.helm_config.service_account, "${local.name}-sa")

set_values = [
{
name = "serviceAccount.name"
value = local.service_account_name
value = local.service_account
},
{
name = "serviceAccount.create"
Expand All @@ -31,20 +31,20 @@ locals {
)

default_helm_values = [templatefile("${path.module}/values.yaml", {
aws_region = var.addon_context.aws_region_name,
log_group_name = local.log_group_name,
service_account_name = local.service_account_name
aws_region = var.addon_context.aws_region_name,
log_group_name = local.log_group_name,
service_account = local.service_account
})]

argocd_gitops_config = {
enable = true
logGroupName = local.log_group_name
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}

irsa_config = {
kubernetes_namespace = local.helm_config["namespace"]
kubernetes_service_account = local.service_account_name
kubernetes_service_account = local.service_account
create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
create_kubernetes_service_account = true
irsa_iam_policies = concat([aws_iam_policy.aws_for_fluent_bit.arn], var.irsa_policies)
2 changes: 1 addition & 1 deletion modules/kubernetes-addons/aws-for-fluentbit/values.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
serviceAccount:
create: false
name: ${service_account_name}
name: ${service_account}

cloudWatch:
enabled: true
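Review bot: `name: ${service_account}` under `serviceAccount:` duplicates what the `serviceAccount.name` entry in `set_values` (locals.tf in this module) already sets from the same local. Keeping one of the two paths avoids them drifting apart on the next rename; if the template entry stays, a comment saying that `set_values` carries the same value would help.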
14 changes: 7 additions & 7 deletions modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
locals {
name = "aws-fsx-csi-driver"
service_account_name = "fsx-csi-sa"
namespace = "kube-system"
name = "aws-fsx-csi-driver"
service_account = try(var.helm_config.service_account, "fsx-csi-sa")
namespace = "kube-system"

# https://github.com/kubernetes-sigs/aws-fsx-csi-driver/blob/master/charts/aws-fsx-csi-driver/Chart.yaml
default_helm_config = {
Expand All @@ -18,15 +18,15 @@ locals {
set_values = [
{
name = "controller.serviceAccount.name"
value = local.service_account_name
value = local.service_account
},
{
name = "controller.serviceAccount.create"
value = false
},
{
name = "node.serviceAccount.name"
value = local.service_account_name
value = local.service_account
},
{
name = "node.serviceAccount.create"
Expand All @@ -36,7 +36,7 @@ locals {

irsa_config = {
kubernetes_namespace = local.helm_config["namespace"]
kubernetes_service_account = local.service_account_name
kubernetes_service_account = local.service_account
create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
create_kubernetes_service_account = true
irsa_iam_policies = concat([aws_iam_policy.aws_fsx_csi_driver.arn], var.irsa_policies)
Expand All @@ -45,6 +45,6 @@ locals {

argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ If the IAM role is too long, override the service account name in the `helm_conf
```hcl
enable_aws_load_balancer_controller = true
aws_load_balancer_controller_helm_config = {
service_account_name = "aws-lb-sa"
service_account = "aws-lb-sa"
}
```

Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
locals {
name = "aws-load-balancer-controller"
service_account_name = try(var.helm_config["service_account_name"], "${local.name}-sa")
name = "aws-load-balancer-controller"
service_account = try(var.helm_config.service_account, "${local.name}-sa")

# https://github.com/aws/eks-charts/blob/master/stable/aws-load-balancer-controller/Chart.yaml
default_helm_config = {
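Review bot: The `service_account` local now reads `var.helm_config.service_account` and no longer looks at `var.helm_config["service_account_name"]`, the key the README documented until this PR. Because `try` swallows the missing attribute, callers who still set `service_account_name` fall back to `"${local.name}-sa"` without any error, which renames the service account and the IRSA binding on their next apply. Keeping the old key as a second candidate, `try(var.helm_config.service_account, var.helm_config.service_account_name, "${local.name}-sa")`, or calling out the rename as a breaking change in the release notes would avoid the silent switch.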
Expand Down Expand Up @@ -28,7 +28,7 @@ locals {
[
{
name = "serviceAccount.name"
value = local.service_account_name
value = local.service_account
},
{
name = "serviceAccount.create"
Expand All @@ -40,12 +40,12 @@ locals {

argocd_gitops_config = {
enable = true
serviceAccountName = local.service_account_name
serviceAccountName = local.service_account
}

irsa_config = {
kubernetes_namespace = local.helm_config["namespace"]
kubernetes_service_account = local.service_account_name
kubernetes_service_account = local.service_account
create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
create_kubernetes_service_account = true
irsa_iam_policies = [aws_iam_policy.aws_load_balancer_controller.arn]