Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for well known policies with IRSA (#3045)
* Add support for well known policies with IRSA * Don't skip policies * Simplify statements for well known and addon IAM policies * Add test that wellKnownPolicies are respected * Improve docs for wellKnownPolicies * Simplify irsa well known policy code
- Loading branch information
1 parent
0e9ea1f
commit 14097d1
Showing
17 changed files
with
237 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
package v1alpha5 | ||
|
||
// WellKnownPolicies for attaching common IAM policies | ||
type WellKnownPolicies struct { | ||
// ImageBuilder allows for full ECR (Elastic Container Registry) access. | ||
ImageBuilder bool `json:"imageBuilder,inline"` | ||
// AutoScaler adds policies for cluster-autoscaler. See [autoscaler AWS | ||
// docs](https://docs.aws.amazon.com/eks/latest/userguide/cluster-autoscaler.html). | ||
AutoScaler bool `json:"autoScaler,inline"` | ||
// AWSLoadBalancerController adds policies for using the | ||
// aws-load-balancer-controller. See [Load Balancer | ||
// docs](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html). | ||
AWSLoadBalancerController bool `json:"awsLoadBalancerController,inline"` | ||
// ExternalDNS adds external-dns policies for Amazon Route 53. | ||
// See [external-dns | ||
// docs](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md). | ||
ExternalDNS bool `json:"externalDNS,inline"` | ||
// CertManager adds cert-manager policies. See [cert-manager | ||
// docs](https://cert-manager.io/docs/configuration/acme/dns01/route53). | ||
CertManager bool `json:"certManager,inline"` | ||
} | ||
|
||
func (p *WellKnownPolicies) HasPolicy() bool { | ||
return p.ImageBuilder || p.AutoScaler || p.AWSLoadBalancerController || p.ExternalDNS || p.CertManager | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.