IAM Role Annotator 
This Kubernetes controller is watching Deployment objects using the Kubernetes API. Whenever a Deployment is created or updated,
the controller will check if the Deployment contains the armesto.net/iam-role-annotator annotation, and, in that case, add the iam.amazonaws.com/role annotation containing the appropiate IAM Role.
The IAM Role Annotator assumes that an IAM Role is already created for every application. The IAM Role ARN used in the annotation
will be an ARN of the form arn:aws:iam::<AWS_ACCOUNT_ID>:role/<APPLICATION_NAME>, where the application name is the name of the Deployment object.
Build
We provide a Makefile that you can use to build this application
$ makeOr if you are running linux
$ make build/iam-role-annotator-linux-amd64Tests
You can run the tests using the Makefile
$ make testUsage
You can start the application with the following command
$ go run *.go --namespace your-namespace --aws-account-id 12345Or using environment variables
$ NAMESPACE="your-namespace" AWS_ACCOUNT_ID="12345" go run *.goParameters
These are the available parameters (all parameters can be also passed as environment variables)
- namespace: Only Deployments in this namespace will be watched
- aws-account-id: The AWS account id used in the role's ARN
- resync-seconds: The controller will reprocess all watched objects every
resync-secondsseconds - kubeconfig: Kubernetes configuration file used to connect to the cluster, only used when running the controller outside the cluster
Releasing
This application is package using Docker containers that are published in this repository
$ make release