Skip to content

Commit

Permalink
feat: create SA in EKS based on aws.useIRSAAnnotations
Browse files Browse the repository at this point in the history 
- if `jxRequirements.cluster.aws.useIRSAAnnotations` is true: create SA with annotations to bind to the IAM Role with convention: `arn:aws:iam::<accountId>:role/<clustername>-<namespace>-<saName>`
- otherwise: don't create SA

fix jenkins-x-labs/issues#17
  • Loading branch information
@gazal-k
gazal-k committed Mar 31, 2020
1 parent 28039e3 commit d1e7d21
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions charts/jxl-boot/templates/serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if .Values.serviceAccount.create -}}
{{- if and .Values.serviceAccount.create (not (and (hasKey .Values.jxRequirements.cluster "aws") (.Values.jxRequirements.cluster.aws.useIRSAAnnotations))) -}}
apiVersion: v1
kind: ServiceAccount
metadata:
Expand All @@ -11,7 +11,9 @@ metadata:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
{{- end }}
{{- if eq .Values.jxRequirements.cluster.provider "eks" }}
eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.jxRequirements.cluster.project }}:role/{{ .Values.jxRequirements.cluster.clusterName }}-{{ .Values.jxRequirements.cluster.namespace }}-jxl-boot
{{- if and (hasKey .Values.jxRequirements.cluster "aws") (.Values.jxRequirements.cluster.aws.useIRSAAnnotations) }}
eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.jxRequirements.cluster.aws.accountId }}:role/{{ .Values.jxRequirements.cluster.clusterName }}-{{ .Values.jxRequirements.cluster.namespace }}-jxl-boot
{{- end }}
{{- end }}
{{- if eq .Values.jxRequirements.cluster.provider "gke" }}
iam.gke.io/gcp-service-account: "{{ .Values.jxRequirements.cluster.clusterName }}-jb@{{ .Values.jxRequirements.cluster.project }}.iam.gserviceaccount.com"
Expand Down

0 comments on commit d1e7d21

Please sign in to comment.