diff --git a/README.md b/README.md
index 34c6233..693a2c0 100644
--- a/README.md
+++ b/README.md
@@ -63,7 +63,7 @@ Generate them like so:
 ```bash
 go get github.com/segmentio/terraform-docs
-terraform-docs md ./ | cat -s | ghead -n -1 > README.md
+terraform-docs md ./ | cat -s > README.md
 ```
 ## Contributing
@@ -103,9 +103,9 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | kubeconfig_aws_authenticator_command | Command to use to to fetch AWS EKS credentials | string | `heptio-authenticator-aws` | no |
 | kubeconfig_aws_authenticator_env_variables | Environment variables that should be used when executing the authenticator i.e. { AWS_PROFILE = "eks"} | string | `` | no |
 | kubeconfig_name | Override the default name used for items kubeconfig | string | `` | no |
-| map_accounts | Additional AWS account numbers to add to the aws-auth configmap. | list | `` | no |
-| map_roles | Additional IAM roles to add to the aws-auth configmap. | list | `` | no |
-| map_users | Additional IAM users to add to the aws-auth configmap. | list | `` | no |
+| map_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `` | no |
+| map_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `` | no |
+| map_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `` | no |
 | subnets | A list of subnets to place the EKS cluster and workers within. | list | - | yes |
 | tags | A map of tags to add to all resources. | map | `` | no |
 | vpc_id | VPC where the cluster and workers will be deployed. | string | - | yes |
@@ -130,4 +130,3 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | worker_iam_role_name | IAM role name attached to EKS workers |
 | worker_security_group_id | Security group ID attached to the EKS workers. |
 | workers_asg_arns | IDs of the autoscaling groups containing workers. |
-
diff --git a/aws_auth.tf b/aws_auth.tf
index 3dd9159..ec32361 100644
--- a/aws_auth.tf
+++ b/aws_auth.tf
@@ -1,12 +1,12 @@
 resource "local_file" "config_map_aws_auth" {
 content = "${data.template_file.config_map_aws_auth.rendered}"
- filename = "${var.config_output_path}/config-map-aws-auth.yaml"
+ filename = "${var.config_output_path}/config-map-aws-auth_${var.cluster_name}.yaml"
 count = "${var.configure_kubectl_session ? 1 : 0}"
 }
 resource "null_resource" "configure_kubectl" {
 provisioner "local-exec" {
- command = "kubectl apply -f ${var.config_output_path}/config-map-aws-auth.yaml --kubeconfig ${var.config_output_path}/kubeconfig"
+ command = "kubectl apply -f ${var.config_output_path}/config-map-aws-auth_${var.cluster_name}.yaml --kubeconfig ${var.config_output_path}/kubeconfig_${var.cluster_name}"
 }
 triggers {
diff --git a/examples/eks_test_fixture/main.tf b/examples/eks_test_fixture/main.tf
index def2f32..6134a27 100644
--- a/examples/eks_test_fixture/main.tf
+++ b/examples/eks_test_fixture/main.tf
@@ -70,4 +70,7 @@ module "eks" {
 tags = "${local.tags}"
 vpc_id = "${module.vpc.vpc_id}"
 worker_groups = "${local.worker_groups}"
+ map_roles = "${var.map_roles}"
+ map_users = "${var.map_users}"
+ map_accounts = "${var.map_accounts}"
 }
diff --git a/examples/eks_test_fixture/variables.tf b/examples/eks_test_fixture/variables.tf
index 81b8dbe..8d840bd 100644
--- a/examples/eks_test_fixture/variables.tf
+++ b/examples/eks_test_fixture/variables.tf
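Review bot: In aws_auth.tf the `local-exec` command now passes `--kubeconfig ${var.config_output_path}/kubeconfig_${var.cluster_name}`, but no hunk in this commit touches the resource that writes the kubeconfig, so unless that file is already written under the suffixed name elsewhere, `kubectl apply` will be pointed at a path that does not exist. This is worth confirming against the kubeconfig `local_file`, which is not visible here. Separately, both paths are interpolated unquoted into a shell command, so a `config_output_path` or `cluster_name` containing spaces or shell metacharacters would be split or interpreted by the shell; quoting each path, e.g. `-f '${var.config_output_path}/config-map-aws-auth_${var.cluster_name}.yaml'` and likewise for `--kubeconfig`, avoids that. The `null_resource` body continues outside the hunk.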
@@ -1,3 +1,41 @@
 variable "region" {
 default = "us-west-2"
 }
+
+variable "map_accounts" {
+ description = "Additional AWS account numbers to add to the aws-auth configmap."
+ type = "list"
+ default = [
+ "777777777777",
+ "888888888888"
+ ]
+}
+
+variable "map_roles" {
+ description = "Additional IAM roles to add to the aws-auth configmap."
+ type = "list"
+ default = [
+ {
+ role_arn = "arn:aws:iam::66666666666:role/role1"
+ username = "role1"
+ group = "system:masters"
+ }
+ ]
+}
+
+variable "map_users" {
+ description = "Additional IAM users to add to the aws-auth configmap."
+ type = "list"
+ default = [
+ {
+ user_arn = "arn:aws:iam::66666666666:user/user1"
+ username = "user1"
+ group = "system:masters"
+ },
+ {
+ user_arn = "arn:aws:iam::66666666666:user/user2"
+ username = "user2"
+ group = "system:masters"
+ }
+ ]
+}
diff --git a/variables.tf b/variables.tf
index 7855e5f..0bc65dc 100644
--- a/variables.tf
+++ b/variables.tf
@@ -33,19 +33,19 @@ variable "manage_aws_auth" {
 }
 variable "map_accounts" {
- description = "Additional AWS account numbers to add to the aws-auth configmap."
+ description = "Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format."
 type = "list"
 default = []
 }
 variable "map_roles" {
- description = "Additional IAM roles to add to the aws-auth configmap."
+ description = "Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format."
 type = "list"
 default = []
 }
 variable "map_users" {
- description = "Additional IAM users to add to the aws-auth configmap."
+ description = "Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format."
 type = "list"
 default = []
 }
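Review bot: The defaults added in examples/eks_test_fixture/variables.tf bind every sample `map_roles` and `map_users` entry to `group = "system:masters"`, so anyone who copies the fixture and only swaps in real ARNs grants unrestricted cluster-admin; a comment such as `# system:masters is cluster-admin; prefer a group bound to a narrower RBAC role` next to the first entry would make that explicit. The sample ARNs also use an 11-digit account id (`66666666666`), whereas AWS account ids are 12 digits, so the file the root variable descriptions now point to for the "example format" does not show a valid ARN. Because these are variable defaults rather than commented examples, applying the fixture unchanged writes these mappings, including the `map_accounts` ids, into the cluster's aws-auth configmap; defaulting to `[]` and showing the format in a comment would avoid that.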