Skip to content

E
eks-kube2iam
Commit 2e1ed24e authored by Nick White's avatar Nick White
Browse files
Options

Upgraded to tf0.12.30

parent 61a64740
Hide whitespace changes
Inline Side-by-side
Showing with 29 additions and 18 deletions
eks-kube2iam-clusterrolebinding.tf
View file @ 2e1ed24e
......@@ -28,3 +28,4 @@ resource "kubernetes_cluster_role_binding" "kube2iam_cluster_role_bind" {
namespace = "kube-system"
}
}
eks-kube2iam-serviceaccount.tf
View file @ 2e1ed24e
......@@ -6,3 +6,4 @@ resource "kubernetes_service_account" "kube2iam_service_account" {
automount_service_account_token = "true"
}
eks-kube2iam.tf
View file @ 2e1ed24e
......@@ -3,14 +3,14 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
name = "kube2iam"
namespace = "kube-system"
labels {
labels = {
app = "kube2iam"
}
}
spec {
selector {
match_labels {
match_labels = {
app = "kube2iam"
}
}
......@@ -19,7 +19,7 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
metadata {
name = "kube2iam"
labels {
labels = {
app = "kube2iam"
}
}
......@@ -29,14 +29,13 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
host_network = true
volume {
name = "${kubernetes_service_account.kube2iam_service_account.default_secret_name}"
name = kubernetes_service_account.kube2iam_service_account.default_secret_name
secret {
secret_name = "${kubernetes_service_account.kube2iam_service_account.default_secret_name}"
secret_name = kubernetes_service_account.kube2iam_service_account.default_secret_name
}
}
container {
image = "jtblin/kube2iam:0.10.4"
name = "kube2iam-container"
......@@ -46,7 +45,7 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
volume_mount {
mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
name = "${kubernetes_service_account.kube2iam_service_account.default_secret_name}"
name = kubernetes_service_account.kube2iam_service_account.default_secret_name
read_only = true
}
security_context {
......@@ -56,20 +55,20 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
env {
name = "HOST_IP"
value_from = {
field_ref = {
value_from {
field_ref {
field_path = "status.podIP"
}
}
}
resources {
limits {
limits = {
cpu = "0.5"
memory = "512Mi"
}
requests {
requests = {
cpu = "250m"
memory = "50Mi"
}
......@@ -79,3 +78,4 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
}
}
}
iam.tf
View file @ 2e1ed24e
......@@ -9,12 +9,12 @@ data "aws_iam_policy_document" "eks_worker" {
}
resource "aws_iam_policy" "eks_worker" {
policy = "${data.aws_iam_policy_document.eks_worker.json}"
policy = data.aws_iam_policy_document.eks_worker.json
}
resource "aws_iam_role_policy_attachment" "eks_worker" {
role = "${var.worker_iam_role_name}"
policy_arn = "${aws_iam_policy.eks_worker.arn}"
role = var.worker_iam_role_name
policy_arn = aws_iam_policy.eks_worker.arn
}
data "aws_iam_policy_document" "default" {
......@@ -36,12 +36,13 @@ data "aws_iam_policy_document" "default" {
principals {
type = "AWS"
identifiers = ["${var.worker_iam_role_arn}"]
identifiers = [var.worker_iam_role_arn]
}
}
}
resource "aws_iam_role" "default" {
name = "eks-kube2iam-default-role"
assume_role_policy = "${data.aws_iam_policy_document.default.json}"
assume_role_policy = data.aws_iam_policy_document.default.json
}
variables.tf
View file @ 2e1ed24e
variable "worker_iam_role_name" {}
variable "worker_iam_role_arn" {}
variable "worker_iam_role_name" {
}
variable "worker_iam_role_arn" {
}
versions.tf 0 → 100644
View file @ 2e1ed24e
terraform {
required_version = ">= 0.12"
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment