From 4b47ef0518d60a8620818c6a56d119752962dcb3 Mon Sep 17 00:00:00 2001
From: bobdoah
Date: Mon, 12 Sep 2022 13:27:52 +0100
Subject: [PATCH] Cert-manager IAM permissions boundary support (#944)

Pass the permissions boundary policy to IAM roles created for use with cert-manager
---
 modules/kubernetes-addons/cert-manager/README.md | 2 +-
 modules/kubernetes-addons/cert-manager/variables.tf | 1 +
 modules/kubernetes-addons/opentelemetry-operator/README.md | 2 +-
 modules/kubernetes-addons/opentelemetry-operator/variables.tf | 1 +
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/kubernetes-addons/cert-manager/README.md b/modules/kubernetes-addons/cert-manager/README.md
index 9db6d796d1..e687a81e10 100644
--- a/modules/kubernetes-addons/cert-manager/README.md
+++ b/modules/kubernetes-addons/cert-manager/README.md
@@ -52,7 +52,7 @@ cert-manager docker image is available at this repo:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [addon\_context](#input\_addon\_context) | Input configuration for the addon |
object({
aws_caller_identity_account_id = string
aws_caller_identity_arn = string
aws_eks_cluster_endpoint = string
aws_partition_id = string
aws_region_name = string
eks_cluster_id = string
eks_oidc_issuer_url = string
eks_oidc_provider_arn = string
tags = map(string)
irsa_iam_role_path = string
})
| n/a | yes |
+| [addon\_context](#input\_addon\_context) | Input configuration for the addon |
object({
aws_caller_identity_account_id = string
aws_caller_identity_arn = string
aws_eks_cluster_endpoint = string
aws_partition_id = string
aws_region_name = string
eks_cluster_id = string
eks_oidc_issuer_url = string
eks_oidc_provider_arn = string
tags = map(string)
irsa_iam_role_path = string
irsa_iam_permissions_boundary = string
})
| n/a | yes |
 | [domain\_names](#input\_domain\_names) | Domain names of the Route53 hosted zone to use with cert-manager. | `list(string)` | `[]` | no |
 | [helm\_config](#input\_helm\_config) | cert-manager Helm chart configuration | `any` | `{}` | no |
 | [install\_letsencrypt\_issuers](#input\_install\_letsencrypt\_issuers) | Install Let's Encrypt Cluster Issuers. | `bool` | `true` | no |
diff --git a/modules/kubernetes-addons/cert-manager/variables.tf b/modules/kubernetes-addons/cert-manager/variables.tf
index 467f1240c8..a0b79bf613 100644
--- a/modules/kubernetes-addons/cert-manager/variables.tf
+++ b/modules/kubernetes-addons/cert-manager/variables.tf
@@ -47,5 +47,6 @@ variable "addon_context" {
 eks_oidc_provider_arn = string
 tags = map(string)
 irsa_iam_role_path = string
+ irsa_iam_permissions_boundary = string
 })
 }
diff --git a/modules/kubernetes-addons/opentelemetry-operator/README.md b/modules/kubernetes-addons/opentelemetry-operator/README.md
index 884ffb4ab5..da2f7cce1f 100644
--- a/modules/kubernetes-addons/opentelemetry-operator/README.md
+++ b/modules/kubernetes-addons/opentelemetry-operator/README.md
@@ -61,7 +61,7 @@ the ADOT Operator.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [addon\_config](#input\_addon\_config) | Amazon EKS Managed CoreDNS Add-on config | `any` | `{}` | no |
-| [addon\_context](#input\_addon\_context) | Input configuration for the addon |
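Review bot: Nothing in this patch attaches the new `irsa_iam_permissions_boundary` to a role: the diffstat lists only READMEs and variables.tf, and the cert-manager variables.tf hunk merely adds the attribute to the `addon_context` object type, so presumably the IRSA helper these modules call already reads `addon_context.irsa_iam_permissions_boundary` and this change just widens the type so callers can pass it — worth confirming, because a boundary that is accepted but never set on `aws_iam_role.permissions_boundary` gives a false sense of least privilege. The attribute is a plain `string`, so every caller of this module must now supply the key (unless the type is changed to `optional(string)`), and a caller with no boundary will pass `null` or `""`; a comment above it such as `# ARN of the IAM policy used as the permissions boundary on IRSA roles; null or "" means no boundary` would pin that contract. A mistyped ARN only fails at apply time, so a `validation` block on `addon_context` checking the value is null/empty or matches `^arn:[^:]+:iam::[0-9]{12}:policy/` would catch it at plan. The enclosing `variable "addon_context"` block starts outside the hunk.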
object({
aws_caller_identity_account_id = string
aws_caller_identity_arn = string
aws_eks_cluster_endpoint = string
aws_partition_id = string
aws_region_name = string
eks_cluster_id = string
eks_oidc_issuer_url = string
eks_oidc_provider_arn = string
irsa_iam_role_path = string
tags = map(string)
})
| n/a | yes |
+| [addon\_context](#input\_addon\_context) | Input configuration for the addon |
object({
aws_caller_identity_account_id = string
aws_caller_identity_arn = string
aws_eks_cluster_endpoint = string
aws_partition_id = string
aws_region_name = string
eks_cluster_id = string
eks_oidc_issuer_url = string
eks_oidc_provider_arn = string
irsa_iam_role_path = string
irsa_iam_permissions_boundary = string
tags = map(string)
})
| n/a | yes |
 | [enable\_amazon\_eks\_adot](#input\_enable\_amazon\_eks\_adot) | Enable Amazon EKS ADOT add-on | `bool` | `true` | no |
 | [enable\_opentelemetry\_operator](#input\_enable\_opentelemetry\_operator) | Enable opentelemetry operator addon | `bool` | `false` | no |
 | [helm\_config](#input\_helm\_config) | Helm provider config for ADOT Operator AddOn | `any` | `{}` | no |
diff --git a/modules/kubernetes-addons/opentelemetry-operator/variables.tf b/modules/kubernetes-addons/opentelemetry-operator/variables.tf
index 13adff08c5..d5a9ce442b 100644
--- a/modules/kubernetes-addons/opentelemetry-operator/variables.tf
+++ b/modules/kubernetes-addons/opentelemetry-operator/variables.tf
@@ -16,6 +16,7 @@ variable "addon_context" {
 eks_oidc_issuer_url = string
 eks_oidc_provider_arn = string
 irsa_iam_role_path = string
+ irsa_iam_permissions_boundary = string
 tags = map(string)
 })
 }
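Review bot: The opentelemetry-operator `addon_context` gets the same `irsa_iam_permissions_boundary = string` attribute, but the commit message speaks only of roles "created for use with cert-manager", so anyone reading history will not expect the ADOT/OpenTelemetry operator roles to be in scope; the description (or the README row for `addon_context`, which still reads only "Input configuration for the addon") should name both modules. As with cert-manager, this hunk does not wire the value into any role's `permissions_boundary`, so confirm that the role resources this module creates, or the IRSA helper it calls, actually consume `var.addon_context.irsa_iam_permissions_boundary`; otherwise the input is silently ignored and the boundary is never enforced on the operator's identity. The enclosing `variable "addon_context"` block starts outside the hunk.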