Skip to content

Commit

Permalink
feat(blueprint): attach the ebs control policy to the ebs-csi-addon (#…
Browse files Browse the repository at this point in the history 
…239)

* feat(blueprint): attach the ebs control policy to the ebs-csi-addon

* feat(eks-addons): service account role mapping
  • Loading branch information
@Young-ook
Young-ook authored Jan 12, 2023
1 parent 6bec3fd commit 7b05e6b
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 8 deletions.
12 changes: 9 additions & 3 deletions examples/blueprint/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ module "aws" {
### eks-addons
module "eks-addons" {
source = "Young-ook/eks/aws//modules/eks-addons"
version = "2.0.0"
version = "2.0.3"
tags = var.tags
addons = [
{
Expand All @@ -99,8 +99,14 @@ module "eks-addons" {
eks_name = module.eks.cluster.name
},
{
name = "aws-ebs-csi-driver"
eks_name = module.eks.cluster.name
name = "aws-ebs-csi-driver"
namespace = "kube-system"
serviceaccount = "ebs-csi-controller-sa"
eks_name = module.eks.cluster.name
oidc = module.eks.oidc
policy_arns = [
format("arn:%s:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", module.aws.partition.partition),
]
},
]
}
Expand Down
11 changes: 6 additions & 5 deletions modules/eks-addons/main.tf
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
### application/addons
resource "aws_eks_addon" "addon" {
for_each = { for addon in var.addons : addon.name => addon }
addon_name = each.key
addon_version = lookup(each.value, "version", local.default_addon_config["version"])
cluster_name = lookup(each.value, "eks_name", local.default_addon_config["eks_name"])
tags = merge({ Name = each.key }, local.default-tags, var.tags)
for_each = { for addon in var.addons : addon.name => addon }
addon_name = each.key
addon_version = lookup(each.value, "version", local.default_addon_config["version"])
cluster_name = lookup(each.value, "eks_name", local.default_addon_config["eks_name"])
service_account_role_arn = lookup(module.irsa, each.key, null) == null ? null : module.irsa[each.key].arn
tags = merge({ Name = each.key }, local.default-tags, var.tags)
}

### security/policy
Expand Down

0 comments on commit 7b05e6b

Please sign in to comment.