From 002cfb1a6f2214092adf066611b9be481d066b17 Mon Sep 17 00:00:00 2001
From: David Holsgrove
Date: Thu, 25 Jun 2020 10:24:21 +1000
Subject: [PATCH] feat: Add bool option for automount_service_account_token (#571)
Co-authored-by: Morgante Pell
---
 modules/workload-identity/README.md | 1 +
 modules/workload-identity/main.tf | 1 +
 modules/workload-identity/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+)
diff --git a/modules/workload-identity/README.md b/modules/workload-identity/README.md
index d4dec6fd3..785ad7eb9 100644
--- a/modules/workload-identity/README.md
+++ b/modules/workload-identity/README.md
@@ -68,6 +68,7 @@ module "my-app-workload-identity" {
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| automount\_service\_account\_token | Enable automatic mounting of the service account token | bool | `"false"` | no |
 | cluster\_name | Cluster name. Required if using existing KSA. | string | `""` | no |
 | k8s\_sa\_name | Name for the existing Kubernetes service account | string | `"null"` | no |
 | location | Cluster location (region if regional cluster, zone if zonal cluster). Required if using existing KSA. | string | `""` | no |
diff --git a/modules/workload-identity/main.tf b/modules/workload-identity/main.tf
index a27e45860..52ab8f47e 100644
--- a/modules/workload-identity/main.tf
+++ b/modules/workload-identity/main.tf
@@ -47,6 +47,7 @@ resource "google_service_account" "cluster_service_account" {
 resource "kubernetes_service_account" "main" {
 count = var.use_existing_k8s_sa ? 0 : 1
+ automount_service_account_token = var.automount_service_account_token
 metadata {
 name = var.name
 namespace = var.namespace
diff --git a/modules/workload-identity/variables.tf b/modules/workload-identity/variables.tf
index d939b7bd9..0832eb5ef 100644
--- a/modules/workload-identity/variables.tf
+++ b/modules/workload-identity/variables.tf
@@ -53,3 +53,9 @@ variable "use_existing_k8s_sa" {
 default = false
 type = bool
 }
+
+variable "automount_service_account_token" {
+ description = "Enable automatic mounting of the service account token"
+ default = false
+ type = bool
+}
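Review bot: The description of the new `automount_service_account_token` variable does not say that the setting only takes effect when the module itself creates the Kubernetes service account. In the main.tf hunk the attribute is set on `kubernetes_service_account.main`, which carries `count = var.use_existing_k8s_sa ? 0 : 1`, so with `use_existing_k8s_sa = true` the value is silently ignored and the existing KSA keeps whatever automount behaviour it already has. Keeping `default = false` is the least-privilege choice, because a mounted token is a Kubernetes API credential readable by anything running in the pod; Workload Identity itself presumably does not need it, but that should be confirmed for the workloads in question. I would word the description as `"Mount the KSA token into pods using this service account. Ignored when use_existing_k8s_sa is true. Leave false unless the workload calls the Kubernetes API."`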