fix: Work around path bug in aws-iam-authenticator (#894)

* fix: Work around path bug in aws-iam-authenticator `aws-iam-authenticator` has an open issue where it will not recognize IAM roles that include paths. This change causes the path supplied to `var.iam_path` to be stripped when generating the `aws-auth` ConfigMap in order to work around this. https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/153 https://github.com/aws/containers-roadmap/issues/926
2026-01-18 17:47:31 +01:00 · 2020-05-30 16:25:50 -04:00
parent c748899d0e
commit 7ffe5fa88f
1 changed files with 3 additions and 1 deletions
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -46,7 +46,9 @@ locals {
      module.node_groups.aws_auth_roles,
    ) :
    {
-      rolearn  = role["worker_role_arn"]
+      # Work around https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/153
+      # Strip the leading slash off so that Terraform doesn't think it's a regex
+      rolearn  = replace(role["worker_role_arn"], replace(var.iam_path, "/^//", ""), "")
      username = "system:node:{{EC2PrivateDNSName}}"
      groups = tolist(concat(
        [