Feature/island fixes #198
Feature/island fixes #198
Conversation
| @@ -37,6 +37,8 @@ resource "kubernetes_deployment" "apiary_hms_readonly" { | |||
| } | |||
|
|
|||
| spec { | |||
| service_account_name = kubernetes_service_account.hms_readonly[0].metadata.0.name | |||
There was a problem hiding this comment.
I'm pretty sure if we set hms_instance_type to ecs, all references to [0] will fail with this error: hashicorp/terraform#22480
Can we just change them to [count.index]?
There was a problem hiding this comment.
not sure if that is still happening with current version or setup, if so we probably need to fix it here
apiary-data-lake/k8s-readonly.tf
Line 70 in 117749c
I will test
ecs deployment mode in new island.
| name = "${local.hms_alias}-readwrite" | ||
| namespace = var.k8s_namespace | ||
| annotations = { | ||
| "eks.amazonaws.com/role-arn" = var.oidc_provider == "" ? "" : aws_iam_role.apiary_hms_readwrite.arn |
There was a problem hiding this comment.
If we are using kiam, will this annotation having a value of "" cause any issues?
There was a problem hiding this comment.
tested this scenario, IAM using kiam is working as expected when eks.amazonaws.com/role-arn = "", but is not working if configure role as IRSA is overriding kiam
| @@ -0,0 +1,23 @@ | |||
| resource "kubernetes_service_account" "hms_readwrite" { | |||
| count = var.hms_instance_type == "k8s" ? 1 : 0 | |||
There was a problem hiding this comment.
Do we always want to create the service accounts when using k8s, or only when we are not using kiam?
There was a problem hiding this comment.
creating service accounts when using kiam will not cause any issues, so creating always to keep terraform setup simpler, but we will also probably deprecate kiam as IRSA is working in clusters with Kiam
variables.tf
Outdated
| default = "monitoring" | ||
| } | ||
|
|
||
| variable "k8s_namespace" { |
There was a problem hiding this comment.
Can we rename k8s_namespace to metastore_namespace or something more descriptive?
There was a problem hiding this comment.
should add to VARIABLES.md
📝 Description
Configuration to use IAM roles for service accounts(IRSA).
🔗 Related Issues