fix: create SA using helm and use SA annotation for EKS

fix jenkins-x-labs/issues#17
gazal-k · Mar 31, 2020 · b91a2ac · b91a2ac
1 parent 88909b7
commit b91a2ac
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 9 deletions.
diff --git a/apps/bitnami/external-dns/values.yaml.gotmpl b/apps/bitnami/external-dns/values.yaml.gotmpl
@@ -20,6 +20,9 @@ rbac:
 {{- if eq .Values.jxRequirements.cluster.provider "gke" }}
   serviceAccountAnnotations:
     iam.gke.io/gcp-service-account: {{ .Values.jxRequirements.cluster.clusterName }}-ex@{{ .Values.jxRequirements.cluster.project }}.iam.gserviceaccount.com
+{{- else if eq .Values.jxRequirements.cluster.provider "eks" }}
+  serviceAccountAnnotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.jxRequirements.cluster.project }}:role/{{ .Values.jxRequirements.cluster.clusterName }}-{{ .Values.jxRequirements.cluster.namespace }}-external-dns
 {{- end }}
 
 domainFilters:

diff --git a/apps/jenkins-x/jxui/values.yaml.gotmpl b/apps/jenkins-x/jxui/values.yaml.gotmpl
@@ -1,7 +1,5 @@
+{{- if eq .Values.jxRequirements.cluster.provider "eks" }}
 serviceaccount:
-{{- if eq "eks" .Values.jxRequirements.cluster.provider }}
-  enabled: false
-{{- else }}
-  enabled: true
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.jxRequirements.cluster.project }}:role/{{ .Values.jxRequirements.cluster.clusterName }}-{{ .Values.jxRequirements.cluster.namespace }}-jxui
 {{- end }}
-
diff --git a/apps/jenkins-x/tekton/values.yaml.gotmpl b/apps/jenkins-x/tekton/values.yaml.gotmpl
@@ -13,13 +13,14 @@ auth:
     url: "{{ .Values.secrets.docker.url }}"
 {{- end }}
 
-{{- if eq "eks" .Values.jxRequirements.cluster.provider }}
+{{- if eq .Values.jxRequirements.cluster.provider "eks" }}
+serviceaccount:
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.jxRequirements.cluster.project }}:role/{{ .Values.jxRequirements.cluster.clusterName }}-{{ .Values.jxRequirements.cluster.namespace }}-tekton-bot
+{{- else if eq .Values.jxRequirements.cluster.provider "gke" }}
 serviceaccount:
-  enabled: false
-{{- if eq .Values.jxRequirements.cluster.provider "gke" }}
   annotations:
     iam.gke.io/gcp-service-account: {{ .Values.jxRequirements.cluster.clusterName }}-tk@{{ .Values.jxRequirements.cluster.project }}.iam.gserviceaccount.com
 {{- end }}
-{{- end }}
 
 tillerNamespace: ""
diff --git a/apps/jetstack/cert-manager/values.yaml.gotmpl b/apps/jetstack/cert-manager/values.yaml.gotmpl
@@ -6,6 +6,9 @@ extraArgs:
 securityContext:
   enabled: true
   fsGroup: 1001
+serviceAccount:
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.jxRequirements.cluster.project }}:role/{{ .Values.jxRequirements.cluster.clusterName }}-cert-manager-cert-manager
 {{- end }}
 
 webhook: