adding policies to automatically allow the EBS CSI driver to be deployed
Signed-off-by: Christopher Hein <me@chrishein.com>
christopherhein committed Mar 22, 2019
1 parent 68a7f91 commit a70598a
Showing 2 changed files with 21 additions and 0 deletions.
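--- a/pkg/apis/eksctl.io/v1alpha4/types.go
+++ b/pkg/apis/eksctl.io/v1alpha4/types.go
@@ -420,5 +420,7 @@ type (
 ExternalDNS *bool `json:"externalDNS"`
 // +optional
 AppMesh *bool `json:"appMesh"`
+// +optional
+EBSCSI *bool `json:"ebsCSI"`
 }
 )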
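Review bot: The new `EBSCSI` field carries only the `// +optional` marker, yet setting it decides whether an IAM policy named `PolicyEBSCSI` is attached in pkg/cfn/builder/iam.go, which a reader of the API type cannot see from here. I would document that on the field, for example `// EBSCSI attaches the EC2 volume and snapshot permissions used by the EBS CSI driver to the node group's IAM role.` The enclosing struct starts outside the hunk, so whether the sibling add-on fields are documented elsewhere is not visible.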
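--- a/pkg/cfn/builder/iam.go
+++ b/pkg/cfn/builder/iam.go
@@ -217,6 +217,25 @@ func (n *NodeGroupResourceSet) addResourcesForIAM() {
 )
 }
 
+if v := n.spec.IAM.WithAddonPolicies.EBSCSI; v != nil && *v {
+n.rs.attachAllowPolicy("PolicyEBSCSI", refIR, "*",
+[]string{
+"ec2:AttachVolume",
+"ec2:CreateSnapshot",
+"ec2:CreateTags",
+"ec2:CreateVolume",
+"ec2:DeleteSnapshot",
+"ec2:DeleteTags",
+"ec2:DeleteVolume",
+"ec2:DescribeInstances",
+"ec2:DescribeSnapshots",
+"ec2:DescribeTags",
+"ec2:DescribeVolumes",
+"ec2:DetachVolume",
+},
+)
+}
+
 n.rs.defineOutputFromAtt(outputs.NodeGroupInstanceProfileARN, "NodeInstanceProfile.Arn", true, func(v string) error {
 n.spec.IAM.InstanceProfileARN = v
 return nil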
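Review bot: `PolicyEBSCSI` is attached with resource `"*"` and includes `ec2:DeleteVolume`, `ec2:DeleteSnapshot`, `ec2:DetachVolume` and `ec2:CreateTags`/`ec2:DeleteTags`, so the role behind `refIR` (presumably the node instance role) may modify or remove any volume or snapshot the account permits, not only those the driver provisioned. Instance-role credentials are normally reachable by workloads on the node through instance metadata, so the grant extends well beyond the CSI driver pods. `attachAllowPolicy` as called here takes only a resource and an action list, so tightening it would likely need a variant that accepts a `Condition` (for example `ec2:ResourceTag/...` on the attach/detach/delete actions and `ec2:CreateAction` on `ec2:CreateTags`). At minimum I would add a comment above the block such as `// NOTE: granted on "*" to the node role; every pod with instance-metadata access inherits these permissions.` addResourcesForIAM starts and ends outside the hunk.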
