kOps managed OIDC provider is no longer needed for IRSA
It's assumed users will manage the OIDC provider themselves in that case
Ole Markus With committed Sep 7, 2022
1 parent 656df04 commit 3e7ca00
Showing 1 changed file with 0 additions and 3 deletions.
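--- a/pkg/apis/kops/validation/validation.go
+++ b/pkg/apis/kops/validation/validation.go
@@ -290,9 +290,6 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 }
 
 if len(spec.IAM.ServiceAccountExternalPermissions) > 0 {
-if spec.ServiceAccountIssuerDiscovery == nil || !spec.ServiceAccountIssuerDiscovery.EnableAWSOIDCProvider {
-allErrs = append(allErrs, field.Forbidden(fieldPath.Child("iam", "serviceAccountExternalPermissions"), "serviceAccountExternalPermissions requires AWS OIDC Provider to be enabled"))
-}
 allErrs = append(allErrs, validateSAExternalPermissions(spec.IAM.ServiceAccountExternalPermissions, fieldPath.Child("iam", "serviceAccountExternalPermissions"))...)
 }
 }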
