feat: Add new sub-module for creating IAM roles for service accounts #1827

Closed

bryantbiggs
Member

@bryantbiggs bryantbiggs commented Feb 1, 2022

⚠️ I don't know how I feel about this yet so don't get your heart set on it ⚠️

Description

  • Add new sub-module for creating IAM roles for service accounts

On one hand I can see this making some sense, but here are my current reservations:

Why do I like these ☝🏽?

  • They only have one provider, which is the AWS provider. This change sort of sneakily adds in the Kubernetes provider, which, if you don't set the proper configs, just errors out with an obscure dial tcp 127.0.0.1:80: connect: connection refused

Why am I not (yet) drawn to this 👇🏽 change?

  • What do we really gain? Service account and namespace creation? I do not like managing Kubernetes manifests in Terraform - I think they should be handled by whatever tool you use to deploy your applications. For IRSA, all we need to do is provide an IAM role really and if you see above, we have two modules that already do that

Why this could be useful:

  • Folks come here for EKS guidance and maybe they don't see the IRSA roles. Maybe moving it to a first-class supported sub-module here increases that visibility for them

Motivation and Context

Breaking Changes

How Has This Been Tested?

  • I have tested and validated these changes using one or more of the provided examples/* projects

@bryantbiggs
Member Author

direction is to enable opt-in IAM policies under the https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-eks-role module

@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 10, 2022