allow specifying an IAM role for each worker group (#137)

* allow creating an IAM role for each worker group * moved change from 'changed' to 'added' * create multiple roles not just profiles * fix config_map_aws_auth generation * don't duplicate worker-role templating * specify ARNs for worker groups individually todo fix aws_auth configmap * fixed AWS auth * fix aws_iam_instance_profile.workers name fix iam_instance_profile fallback * fix outputs * fix iam_instance_profile calculation * hopefully fix aws auth configmap generation * manually fill out remainder of arn * remove depends_on in worker_role_arns template file this was causing resources to be recreated every time * fmt * fix typo, move iam_role_id default to defaults map
2026-03-30 22:21:50 +02:00 · 2018-09-24 07:08:35 -07:00
parent b6f6a82352
commit b623bc234a
8 changed files with 27 additions and 12 deletions
--- a/templates/config-map-aws-auth.yaml.tpl
+++ b/templates/config-map-aws-auth.yaml.tpl
@@ -5,11 +5,7 @@ metadata:
  namespace: kube-system
 data:
  mapRoles: |
-    - rolearn: ${worker_role_arn}
-      username: system:node:{{EC2PrivateDNSName}}
-      groups:
-        - system:bootstrappers
-        - system:nodes
+${worker_role_arn}
 ${map_roles}
  mapUsers: |
 ${map_users}
--- a/templates/worker-role.tpl
+++ b/templates/worker-role.tpl
@@ -0,0 +1,5 @@
+    - rolearn: ${worker_role_arn}
+      username: system:node:{{EC2PrivateDNSName}}
+      groups:
+        - system:bootstrappers
+        - system:nodes