aws · overdrive3000 · Jan 5, 2021
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-cloudwatch-metrics
 description: A Helm chart to deploy aws-cloudwatch-metrics project
-version: 0.0.3
+version: 0.0.4
 appVersion: "1.247345"
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png

@@ -18,6 +18,38 @@ helm upgrade --install aws-cloudwatch-metrics \
     --set clusterName=my-eks-cluster
 ```
 
+## Using this chart with IRSA
+
+1. Create IAM OIDC provider
+
+```
+eksctl utils associate-iam-oidc-provider \
+  --region <aws-region> \
+  --cluster <your-cluster-name> \
+  --approve
+```
+
+2. Create a IAM role and ServiceAccount for the Cloudwatch Metrics agent
+
+```
+eksctl create iamserviceaccount \
+  --cluster=<cluster-name> \
+  --namespace=amazon-cloudwatch \
+  --name=aws-cloudwatch-metrics \
+  --attach-policy-arn=arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \
+  --approve
+```
+
+3. Install helm chart using Service Account
+
+```
+helm upgrade --install aws-cloudwatch-metrics \
+  --namespace amazon-cloudwatch eks/aws-cloudwatch-metric \
+  --set clusterName=my-eks-cluster \
+  --set serviceAccount.create=false \
+  --set serviceAccount.name=aws-cloudwatch-metrics
+```
+
 ## Configuration
 
 | Parameter | Description | Default | Required |
@@ -28,4 +60,5 @@ helm upgrade --install aws-cloudwatch-metrics \
 | `clusterName` | Name of your cluster | `cluster_name` | ✔
 | `serviceAccount.create` | Whether a new service account should be created | `true` | 
 | `serviceAccount.name` | Service account to be used | | 
+| `rbac.create` | Whether RBAC resources should be created | `true` | 
 | `hostNetwork` | Allow to use the network namespace and network resources of the node | `false` | 
@@ -1,4 +1,4 @@
-{{- if .Values.serviceAccount.create -}}
+{{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

@@ -1,4 +1,4 @@
-{{- if .Values.serviceAccount.create -}}
+{{- if .Values.rbac.create -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -9,6 +9,6 @@ roleRef:
   name: {{ include "aws-cloudwatch-metrics.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ include "aws-cloudwatch-metrics.fullname" . }}
+  name: {{ include "aws-cloudwatch-metrics.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
 {{- end -}}
@@ -17,4 +17,8 @@ serviceAccount:
   create: true
   name:
 
+rbac:
+  # Specifies whether rbac resources should be created
+  create: true
+
 hostNetwork: false