diff --git a/modules/kubernetes-addons/adot-collector-haproxy/main.tf b/modules/kubernetes-addons/adot-collector-haproxy/main.tf
index ed22358185..6a888af8cd 100644
--- a/modules/kubernetes-addons/adot-collector-haproxy/main.tf
+++ b/modules/kubernetes-addons/adot-collector-haproxy/main.tf
@@ -53,7 +53,7 @@ module "helm_addon" {
 irsa_config = {
 create_kubernetes_namespace = try(var.helm_config["create_namespace"], true)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = try(var.helm_config.service_account, local.name)
 irsa_iam_policies = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
diff --git a/modules/kubernetes-addons/adot-collector-java/main.tf b/modules/kubernetes-addons/adot-collector-java/main.tf
index 796052c3a3..194930f32f 100644
--- a/modules/kubernetes-addons/adot-collector-java/main.tf
+++ b/modules/kubernetes-addons/adot-collector-java/main.tf
@@ -53,7 +53,7 @@ module "helm_addon" {
 irsa_config = {
 create_kubernetes_namespace = try(var.helm_config["create_namespace"], true)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = try(var.helm_config.service_account, local.name)
 irsa_iam_policies = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
diff --git a/modules/kubernetes-addons/adot-collector-memcached/main.tf b/modules/kubernetes-addons/adot-collector-memcached/main.tf
index f2c69071d4..317034954f 100644
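Review bot: The new `create_service_account` key in the adot-collector-haproxy hunk lets a caller skip creating the service account, yet the `irsa_config` block still names it in `kubernetes_service_account` and still attaches `irsa_iam_policies`. The IRSA module is not part of this diff, so presumably the role's trust stays keyed on namespace and service-account name; if so, with the flag set to false the role is usable by whichever service account of that name exists in the namespace, created and annotated outside this module. That contract should be stated next to the line, e.g. `# false: caller supplies the service account and its IRSA role annotation; the IAM role is still created for this name`, and the key documented wherever `helm_config` options are listed. The same applies to every `create_kubernetes_service_account` hunk in this change; the `module "helm_addon"` block starts and ends outside the hunk.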
--- a/modules/kubernetes-addons/adot-collector-memcached/main.tf
+++ b/modules/kubernetes-addons/adot-collector-memcached/main.tf
@@ -53,7 +53,7 @@ module "helm_addon" {
 irsa_config = {
 create_kubernetes_namespace = try(var.helm_config["create_namespace"], true)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = try(var.helm_config.service_account, local.name)
 irsa_iam_policies = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
diff --git a/modules/kubernetes-addons/adot-collector-nginx/main.tf b/modules/kubernetes-addons/adot-collector-nginx/main.tf
index 3bcc018e00..e1bbc28c79 100644
--- a/modules/kubernetes-addons/adot-collector-nginx/main.tf
+++ b/modules/kubernetes-addons/adot-collector-nginx/main.tf
@@ -53,7 +53,7 @@ module "helm_addon" {
 irsa_config = {
 create_kubernetes_namespace = try(var.helm_config["create_namespace"], true)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = try(var.helm_config.service_account, local.name)
 irsa_iam_policies = ["arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonPrometheusRemoteWriteAccess"]
diff --git a/modules/kubernetes-addons/appmesh-controller/main.tf b/modules/kubernetes-addons/appmesh-controller/main.tf
index b68cf5a2c7..50729f481a 100644
--- a/modules/kubernetes-addons/appmesh-controller/main.tf
+++ b/modules/kubernetes-addons/appmesh-controller/main.tf
@@ -34,9 +34,9 @@ module "helm_addon" {
 ]
 irsa_config = {
- create_kubernetes_namespace = true
+ create_kubernetes_namespace = try(var.helm_config["create_namespace"], true)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = try(var.helm_config.service_account, local.name)
 irsa_iam_policies = concat([aws_iam_policy.this.arn], var.irsa_policies)
diff --git a/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf b/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
index d4856e4fb9..a024771e54 100644
--- a/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
+++ b/modules/kubernetes-addons/aws-cloudwatch-metrics/locals.tf
@@ -39,7 +39,7 @@ locals {
 kubernetes_service_account = local.service_account
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 irsa_iam_policies = concat(["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/CloudWatchAgentServerPolicy"], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf b/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
index 11a5f9923b..b6161f971d 100644
--- a/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
+++ b/modules/kubernetes-addons/aws-ebs-csi-driver/main.tf
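Review bot: In the aws-cloudwatch-metrics hunk the added line reads `var.helm_config["create_service_account"]`, while the neighbouring `create_namespace` and `create_service_account_secret_token` lines read `local.helm_config[...]`. If `local.helm_config` is the module's defaults merged with the caller's map (its definition is outside the hunk), a default set there would be ignored for this one key; `create_kubernetes_service_account = try(local.helm_config["create_service_account"], true)` keeps the block consistent. The same mix appears in the aws-for-fluentbit, aws-fsx-csi-driver, aws-load-balancer-controller, aws-privateca-issuer, cert-manager, external-secrets, grafana, karpenter, keda and spark-history-server hunks, and in aws-node-termination-handler and thanos it also affects the new `create_namespace` line.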
@@ -64,7 +64,7 @@ module "helm_addon" {
 irsa_config = {
 create_kubernetes_namespace = try(var.helm_config.create_namespace, false)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = local.service_account
 irsa_iam_policies = concat([aws_iam_policy.aws_ebs_csi_driver[0].arn], lookup(var.helm_config, "additional_iam_policies", []))
diff --git a/modules/kubernetes-addons/aws-efs-csi-driver/main.tf b/modules/kubernetes-addons/aws-efs-csi-driver/main.tf
index 15c147ea54..d8465001e1 100644
--- a/modules/kubernetes-addons/aws-efs-csi-driver/main.tf
+++ b/modules/kubernetes-addons/aws-efs-csi-driver/main.tf
@@ -25,7 +25,7 @@ module "helm_addon" {
 kubernetes_namespace = local.namespace
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(var.helm_config.create_namespace, false)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.aws_efs_csi_driver.arn], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/aws-for-fluentbit/locals.tf b/modules/kubernetes-addons/aws-for-fluentbit/locals.tf
index 97f05551a2..cecad225c7 100644
--- a/modules/kubernetes-addons/aws-for-fluentbit/locals.tf
+++ b/modules/kubernetes-addons/aws-for-fluentbit/locals.tf
@@ -46,7 +46,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.aws_for_fluent_bit.arn], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf b/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
index 31d5ae513b..c482f107c7 100644
--- a/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
+++ b/modules/kubernetes-addons/aws-fsx-csi-driver/locals.tf
@@ -38,7 +38,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.aws_fsx_csi_driver.arn], var.irsa_policies)
 tags = var.addon_context.tags
diff --git a/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf b/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
index 767face086..9969555791 100644
--- a/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
+++ b/modules/kubernetes-addons/aws-load-balancer-controller/locals.tf
@@ -47,7 +47,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = [aws_iam_policy.aws_load_balancer_controller.arn]
 }
diff --git a/modules/kubernetes-addons/aws-node-termination-handler/locals.tf b/modules/kubernetes-addons/aws-node-termination-handler/locals.tf
index 69ebeb5561..bff767b3e7 100644
--- a/modules/kubernetes-addons/aws-node-termination-handler/locals.tf
+++ b/modules/kubernetes-addons/aws-node-termination-handler/locals.tf
@@ -46,8 +46,8 @@ locals {
 irsa_config = {
 kubernetes_namespace = local.namespace
 kubernetes_service_account = local.service_account
- create_kubernetes_namespace = false
- create_kubernetes_service_account = true
+ create_kubernetes_namespace = try(var.helm_config["create_namespace"], false)
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.aws_node_termination_handler_irsa.arn], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/aws-privateca-issuer/locals.tf b/modules/kubernetes-addons/aws-privateca-issuer/locals.tf
index bf739015a9..276ff75d7a 100644
--- a/modules/kubernetes-addons/aws-privateca-issuer/locals.tf
+++ b/modules/kubernetes-addons/aws-privateca-issuer/locals.tf
@@ -31,7 +31,7 @@ locals {
 irsa_config = {
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
 kubernetes_namespace = local.helm_config["namespace"]
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = local.service_account
 irsa_iam_policies = concat([aws_iam_policy.aws_privateca_issuer.arn], var.irsa_policies)
diff --git a/modules/kubernetes-addons/cert-manager/locals.tf b/modules/kubernetes-addons/cert-manager/locals.tf
index 52e2d76e89..26b1a1ba5a 100644
--- a/modules/kubernetes-addons/cert-manager/locals.tf
+++ b/modules/kubernetes-addons/cert-manager/locals.tf
@@ -38,7 +38,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 kubernetes_svc_image_pull_secrets = var.kubernetes_svc_image_pull_secrets
 irsa_iam_policies = concat([aws_iam_policy.cert_manager.arn], var.irsa_policies)
diff --git a/modules/kubernetes-addons/cluster-autoscaler/main.tf b/modules/kubernetes-addons/cluster-autoscaler/main.tf
index 806a3318c8..3654900d9d 100644
--- a/modules/kubernetes-addons/cluster-autoscaler/main.tf
+++ b/modules/kubernetes-addons/cluster-autoscaler/main.tf
@@ -40,7 +40,7 @@ module "helm_addon" {
 irsa_config = {
 create_kubernetes_namespace = try(var.helm_config.create_namespace, false)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = local.service_account
 irsa_iam_policies = [aws_iam_policy.cluster_autoscaler.arn]
diff --git a/modules/kubernetes-addons/external-dns/main.tf b/modules/kubernetes-addons/external-dns/main.tf
index 7f4eaab0a4..94c02f1946 100644
--- a/modules/kubernetes-addons/external-dns/main.tf
+++ b/modules/kubernetes-addons/external-dns/main.tf
@@ -51,7 +51,7 @@ module "helm_addon" {
 irsa_config = {
 create_kubernetes_namespace = try(var.helm_config.create_namespace, true)
 kubernetes_namespace = try(var.helm_config.namespace, local.name)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = local.service_account
 irsa_iam_policies = concat([aws_iam_policy.external_dns.arn], var.irsa_policies)
diff --git a/modules/kubernetes-addons/external-secrets/locals.tf b/modules/kubernetes-addons/external-secrets/locals.tf
index dd7db9c2e4..0772ff816a 100644
--- a/modules/kubernetes-addons/external-secrets/locals.tf
+++ b/modules/kubernetes-addons/external-secrets/locals.tf
@@ -46,7 +46,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.external_secrets.arn], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/grafana/locals.tf b/modules/kubernetes-addons/grafana/locals.tf
index c95b801ab9..9a18f16479 100644
--- a/modules/kubernetes-addons/grafana/locals.tf
+++ b/modules/kubernetes-addons/grafana/locals.tf
@@ -37,7 +37,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = try(var.helm_config.service_account, local.name)
 create_kubernetes_namespace = try(local.helm_config.create_namespace, true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.grafana.arn], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/karpenter/locals.tf b/modules/kubernetes-addons/karpenter/locals.tf
index 09dcfabb71..abc4dff9b3 100644
--- a/modules/kubernetes-addons/karpenter/locals.tf
+++ b/modules/kubernetes-addons/karpenter/locals.tf
@@ -38,7 +38,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.karpenter.arn], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/keda/locals.tf b/modules/kubernetes-addons/keda/locals.tf
index c59317a69f..eead9e4129 100644
--- a/modules/kubernetes-addons/keda/locals.tf
+++ b/modules/kubernetes-addons/keda/locals.tf
@@ -30,7 +30,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = concat([aws_iam_policy.keda_irsa.arn], var.irsa_policies)
 }
diff --git a/modules/kubernetes-addons/spark-history-server/locals.tf b/modules/kubernetes-addons/spark-history-server/locals.tf
index 8bb3f18528..be483aec9e 100644
--- a/modules/kubernetes-addons/spark-history-server/locals.tf
+++ b/modules/kubernetes-addons/spark-history-server/locals.tf
@@ -30,7 +30,7 @@ locals {
 kubernetes_namespace = local.helm_config["namespace"]
 kubernetes_service_account = try(var.helm_config.service_account, local.name)
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = length(var.irsa_policies) > 0 ? var.irsa_policies : ["arn:${var.addon_context.aws_partition_id}:iam::aws:policy/AmazonS3ReadOnlyAccess"]
 }
diff --git a/modules/kubernetes-addons/thanos/locals.tf b/modules/kubernetes-addons/thanos/locals.tf
index 1ac05d31ea..2411b0c8ac 100644
--- a/modules/kubernetes-addons/thanos/locals.tf
+++ b/modules/kubernetes-addons/thanos/locals.tf
@@ -27,8 +27,8 @@ locals {
 irsa_config = {
 kubernetes_namespace = local.namespace
 kubernetes_service_account = local.service_account
- create_kubernetes_namespace = false
- create_kubernetes_service_account = true
+ create_kubernetes_namespace = try(var.helm_config["create_namespace"], false)
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(local.helm_config["create_service_account_secret_token"], false)
 irsa_iam_policies = var.irsa_policies
 }
diff --git a/modules/kubernetes-addons/velero/main.tf b/modules/kubernetes-addons/velero/main.tf
index 6cef8500c7..399f67233f 100644
--- a/modules/kubernetes-addons/velero/main.tf
+++ b/modules/kubernetes-addons/velero/main.tf
@@ -44,7 +44,7 @@ module "helm_addon" {
 create_kubernetes_namespace = try(var.helm_config["create_namespace"], true)
 kubernetes_namespace = local.namespace
- create_kubernetes_service_account = true
+ create_kubernetes_service_account = try(var.helm_config["create_service_account"], true)
 create_service_account_secret_token = try(var.helm_config["create_service_account_secret_token"], false)
 kubernetes_service_account = try(var.helm_config.service_account, local.name)