Skip to content

E
eks-kube2iam
Commit 2e1ed24e authored by Nick White's avatar Nick White
Browse files
Options

Upgraded to tf0.12.30

parent 61a64740
Show whitespace changes
Inline Side-by-side
Showing with 29 additions and 18 deletions
eks-kube2iam-clusterrolebinding.tf
View file @ 2e1ed24e
...@@ -28,3 +28,4 @@ resource "kubernetes_cluster_role_binding" "kube2iam_cluster_role_bind" { ...@@ -28,3 +28,4 @@ resource "kubernetes_cluster_role_binding" "kube2iam_cluster_role_bind" {
namespace = "kube-system" namespace = "kube-system"
} }
} }
eks-kube2iam-serviceaccount.tf
View file @ 2e1ed24e
...@@ -6,3 +6,4 @@ resource "kubernetes_service_account" "kube2iam_service_account" { ...@@ -6,3 +6,4 @@ resource "kubernetes_service_account" "kube2iam_service_account" {
automount_service_account_token = "true" automount_service_account_token = "true"
} }
eks-kube2iam.tf
View file @ 2e1ed24e
...@@ -3,14 +3,14 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" { ...@@ -3,14 +3,14 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
name = "kube2iam" name = "kube2iam"
namespace = "kube-system" namespace = "kube-system"
labels { labels = {
app = "kube2iam" app = "kube2iam"
} }
} }
spec { spec {
selector { selector {
match_labels { match_labels = {
app = "kube2iam" app = "kube2iam"
} }
} }
...@@ -19,7 +19,7 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" { ...@@ -19,7 +19,7 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
metadata { metadata {
name = "kube2iam" name = "kube2iam"
labels { labels = {
app = "kube2iam" app = "kube2iam"
} }
} }
...@@ -29,14 +29,13 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" { ...@@ -29,14 +29,13 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
host_network = true host_network = true
volume { volume {
name = "${kubernetes_service_account.kube2iam_service_account.default_secret_name}" name = kubernetes_service_account.kube2iam_service_account.default_secret_name
secret { secret {
secret_name = "${kubernetes_service_account.kube2iam_service_account.default_secret_name}" secret_name = kubernetes_service_account.kube2iam_service_account.default_secret_name
} }
} }
container { container {
image = "jtblin/kube2iam:0.10.4" image = "jtblin/kube2iam:0.10.4"
name = "kube2iam-container" name = "kube2iam-container"
...@@ -46,7 +45,7 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" { ...@@ -46,7 +45,7 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
volume_mount { volume_mount {
mount_path = "/var/run/secrets/kubernetes.io/serviceaccount" mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
name = "${kubernetes_service_account.kube2iam_service_account.default_secret_name}" name = kubernetes_service_account.kube2iam_service_account.default_secret_name
read_only = true read_only = true
} }
security_context { security_context {
...@@ -56,20 +55,20 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" { ...@@ -56,20 +55,20 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
env { env {
name = "HOST_IP" name = "HOST_IP"
value_from = { value_from {
field_ref = { field_ref {
field_path = "status.podIP" field_path = "status.podIP"
} }
} }
} }
resources { resources {
limits { limits = {
cpu = "0.5" cpu = "0.5"
memory = "512Mi" memory = "512Mi"
} }
requests { requests = {
cpu = "250m" cpu = "250m"
memory = "50Mi" memory = "50Mi"
} }
...@@ -79,3 +78,4 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" { ...@@ -79,3 +78,4 @@ resource "kubernetes_daemonset" "kube2iam_daemonset" {
} }
} }
} }
iam.tf
View file @ 2e1ed24e
...@@ -9,12 +9,12 @@ data "aws_iam_policy_document" "eks_worker" { ...@@ -9,12 +9,12 @@ data "aws_iam_policy_document" "eks_worker" {
} }
resource "aws_iam_policy" "eks_worker" { resource "aws_iam_policy" "eks_worker" {
policy = "${data.aws_iam_policy_document.eks_worker.json}" policy = data.aws_iam_policy_document.eks_worker.json
} }
resource "aws_iam_role_policy_attachment" "eks_worker" { resource "aws_iam_role_policy_attachment" "eks_worker" {
role = "${var.worker_iam_role_name}" role = var.worker_iam_role_name
policy_arn = "${aws_iam_policy.eks_worker.arn}" policy_arn = aws_iam_policy.eks_worker.arn
} }
data "aws_iam_policy_document" "default" { data "aws_iam_policy_document" "default" {
...@@ -36,12 +36,13 @@ data "aws_iam_policy_document" "default" { ...@@ -36,12 +36,13 @@ data "aws_iam_policy_document" "default" {
principals { principals {
type = "AWS" type = "AWS"
identifiers = ["${var.worker_iam_role_arn}"] identifiers = [var.worker_iam_role_arn]
} }
} }
} }
resource "aws_iam_role" "default" { resource "aws_iam_role" "default" {
name = "eks-kube2iam-default-role" name = "eks-kube2iam-default-role"
assume_role_policy = "${data.aws_iam_policy_document.default.json}" assume_role_policy = data.aws_iam_policy_document.default.json
} }
variables.tf
View file @ 2e1ed24e
variable "worker_iam_role_name" {} variable "worker_iam_role_name" {
variable "worker_iam_role_arn" {} }
variable "worker_iam_role_arn" {
}
versions.tf 0 → 100644
View file @ 2e1ed24e
terraform {
required_version = ">= 0.12"
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment