

fix: update service account creation
JianLi-Expedia committed Jun 4, 2024
1 parent 8538d72 commit 753a390
Showing 3 changed files with 22 additions and 4 deletions.
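--- a/iam-k8s.tf
+++ b/iam-k8s.tf
@@ -18,7 +18,8 @@ resource "aws_iam_role" "waggle_dance_k8s_role_iam" {
 "Action": "sts:AssumeRoleWithWebIdentity",
 "Condition": {
 "StringEquals": {
-"${var.oidc_provider}:sub": "system:serviceaccount:${var.k8s_namespace}:${local.instance_alias}"
+"${var.oidc_provider}:sub": "system:serviceaccount:${var.k8s_namespace}:${local.instance_alias}",
+"${var.oidc_provider}:aud": "sts.amazonaws.com"
 }
 }
 }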
21 changes: 19 additions & 2 deletions k8s.tf
Expand Up @@ -13,7 +13,7 @@ locals {
k8s_cpu_limit = length(var.cpu_limit) != 0 ? var.cpu_limit / 1024 : (var.cpu / 1024) * 1.25
}

resource "kubernetes_service_account" "waggle_dance" {
resource "kubernetes_service_account_v1" "waggle_dance" {
count = var.wd_instance_type == "k8s" ? 1 : 0
metadata {
name = local.instance_alias
Expand All @@ -22,7 +22,23 @@ resource "kubernetes_service_account" "waggle_dance" {
"eks.amazonaws.com/role-arn" = var.oidc_provider == "" ? "" : aws_iam_role.waggle_dance_k8s_role_iam[0].arn
}
}
automount_service_account_token = true
}

resource "kubernetes_secret_v1" "waggle_dance" {
count = var.wd_instance_type == "k8s" ? 1 : 0
metadata {
name = local.instance_alias
namespace = var.k8s_namespace
annotations = {
"kubernetes.io/service-account.name" = local.instance_alias
"kubernetes.io/service-account.namespace" = var.k8s_namespace
}
}
type = "kubernetes.io/service-account-token"

depends_on = [
kubernetes_service_account_v1.waggle_dance
]
}

resource "kubernetes_deployment_v1" "waggle_dance" {
Expand Down Expand Up @@ -55,6 +71,7 @@ resource "kubernetes_deployment_v1" "waggle_dance" {
"prometheus.io/scrape" : var.prometheus_enabled
"prometheus.io/port" : local.actuator_port
"prometheus.io/path" : "/actuator/prometheus"
"iam.amazonaws.com/role" = var.oidc_provider == "" ? aws_iam_role.waggle_dance_k8s_role_iam[0].name : null
}
}

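Review bot: The new `kubernetes_secret_v1` block with `type = "kubernetes.io/service-account-token"` asks the control plane to mint a non-expiring token for the service account and persist it in etcd, on top of the time-bound projected token the pod already receives through `automount_service_account_token = true`, so the change introduces a second, durable credential for the same identity. Nothing in the hunk consumes that secret; if it exists only for a consumer that cannot use the projected token, add a comment naming it, e.g. `# Long-lived SA token kept for <CONSUMER - fill in>; remove once it can use the projected token.`, otherwise drop the resource. Separately, the deployment annotation `"iam.amazonaws.com/role" = var.oidc_provider == "" ? aws_iam_role.waggle_dance_k8s_role_iam[0].name : null` indexes the role with `[0]`; if that role's `count` is gated on `var.oidc_provider` being non-empty (its trust policy in iam-k8s.tf is OIDC-based, and the service-account annotation on the line above only references the role when the provider is set), the expression fails in exactly the branch that uses it, which is worth confirming against the role definition outside this hunk. That line also uses `=` where the neighbouring annotation keys use `:`; pick one separator for the map.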
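--- a/version.tf
+++ b/version.tf
@@ -9,7 +9,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
-version = ">= 2.7.0"
+version = ">= 2.13.0"
 configuration_aliases = [aws.remote]
 }
 datadog = {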

0 comments on commit 753a390
