Merge pull request #19 from radiant-maxar/release-0.6.5

Release 0.6.5
radiant-maxar · Jan 19, 2024 · 3b59c70 · 3b59c70
2 parents fa1cdd3 + 6fbddb3
commit 3b59c70
Show file tree

Hide file tree

Showing 9 changed files with 25 additions and 20 deletions.
diff --git a/cert-manager.tf b/cert-manager.tf
@@ -6,7 +6,7 @@ locals {
 module "cert_manager_irsa" {
   count   = var.cert_manager ? 1 : 0
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.33.0"
+  version = "~> 5.33.1"
 
   role_name = "${var.cluster_name}-cert-manager-role"
 

diff --git a/crossplane.tf b/crossplane.tf
@@ -1,24 +1,25 @@
 ## Crossplane
 module "crossplane_irsa" {
-  count   = var.crossplane ? 1 : 0
+  count   = var.crossplane && var.crossplane_irsa ? 1 : 0
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.33.0"
+  version = "~> 5.33.1"
 
   role_name = "${var.cluster_name}-crossplane-role"
 
+  assume_role_condition_test = "StringLike"
   oidc_providers = {
     main = {
       provider_arn = module.eks.oidc_provider_arn
       namespace_service_accounts = [
-        "${var.crossplane_namespace}:crossplane-system:provider-aws-*",
+        "${var.crossplane_namespace}:${var.crossplane_service_account_name}",
       ]
     }
   }
   tags = var.tags
 }
 
 resource "aws_iam_role_policy_attachment" "crossplane" {
-  count      = var.crossplane ? length(var.crossplane_policy_arns) : 0
+  count      = var.crossplane && var.crossplane_irsa ? length(var.crossplane_policy_arns) : 0
   role       = module.crossplane_irsa[0].iam_role_name
   policy_arn = var.crossplane_policy_arns[count.index]
   depends_on = [
@@ -37,18 +38,10 @@ resource "helm_release" "crossplane" {
   wait             = var.crossplane_wait
 
   values = [
-    yamlencode({
-      serviceAccount = {
-        annotations = {
-          "eks.amazonaws.com/role-arn" = module.crossplane_irsa[0].iam_role_arn
-        }
-      }
-    }),
     yamlencode(var.crossplane_values),
   ]
 
   depends_on = [
-    module.crossplane_irsa[0],
     module.eks,
   ]
 }
diff --git a/ebs-csi.tf b/ebs-csi.tf
@@ -4,7 +4,7 @@
 module "eks_ebs_csi_driver_irsa" {
   count   = var.ebs_csi_driver ? 1 : 0
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.33.0"
+  version = "~> 5.33.1"
 
   role_name             = "${var.cluster_name}-ebs-csi-role"
   attach_ebs_csi_policy = true

diff --git a/efs-csi.tf b/efs-csi.tf
@@ -25,7 +25,7 @@ resource "aws_efs_mount_target" "eks_efs_private" {
 module "eks_efs_csi_driver_irsa" {
   count   = var.efs_csi_driver ? 1 : 0
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.33.0"
+  version = "~> 5.33.1"
 
   role_name = "${var.cluster_name}-efs-csi-driver-role"
 

diff --git a/lb-controller.tf b/lb-controller.tf
@@ -4,7 +4,7 @@
 module "eks_lb_irsa" {
   count   = var.lb_controller ? 1 : 0
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.33.0"
+  version = "~> 5.33.1"
 
   role_name                              = "${var.cluster_name}-lb-role"
   attach_load_balancer_controller_policy = true

diff --git a/outputs.tf b/outputs.tf
@@ -30,12 +30,12 @@ output "cluster_primary_security_group_id" {
 
 output "crossplane_role_arn" {
   description = "The Crossplane IRSA role Amazon Resource Name (ARN)"
-  value       = var.crossplane ? module.crossplane_irsa[0].iam_role_arn : null
+  value       = var.crossplane && var.crossplane_irsa ? module.crossplane_irsa[0].iam_role_arn : null
 }
 
 output "crossplane_role_name" {
   description = "The Crossplane IRSA role name"
-  value       = var.crossplane ? module.crossplane_irsa[0].iam_role_name : null
+  value       = var.crossplane && var.crossplane_irsa ? module.crossplane_irsa[0].iam_role_name : null
 }
 
 output "ebs_csi_driver_role_arn" {

diff --git a/s3-csi.tf b/s3-csi.tf
@@ -6,7 +6,7 @@ module "eks_s3_csi_driver_irsa" {
   count = var.s3_csi_driver ? 1 : 0
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.33.0"
+  version = "~> 5.33.1"
 
   role_name = "${var.cluster_name}-s3-csi-driver-role"
 

diff --git a/variables.tf b/variables.tf
@@ -127,6 +127,12 @@ variable "crossplane" {
   default     = false
 }
 
+variable "crossplane_irsa" {
+  description = "Indicates whether to create an IRSA role for Crossplane."
+  type        = bool
+  default     = true
+}
+
 variable "crossplane_namespace" {
   default     = "crossplane-system"
   description = "Namespace that Crossplane will use."
@@ -139,6 +145,12 @@ variable "crossplane_policy_arns" {
   type        = list(string)
 }
 
+variable "crossplane_service_account_name" {
+  default     = "provider-aws-*"
+  description = "Crossplane service account name for IRSA binding."
+  type        = string
+}
+
 variable "crossplane_values" {
   description = "Additional custom values for the Crossplane Helm chart."
   type        = any

diff --git a/vpc-cni.tf b/vpc-cni.tf
@@ -2,7 +2,7 @@
 module "eks_vpc_cni_irsa" {
   count   = var.vpc_cni ? 1 : 0
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "5.33.0"
+  version = "~> 5.33.1"
 
   role_name = "${var.cluster_name}-vpc-cni-role"