mirror of
https://github.com/ysoftdevs/terraform-aws-eks.git
synced 2026-01-14 15:53:59 +01:00
* feat: Replace `resolve_conflicts` with `resolve_conflicts_on_create`/`delete`; raise MSV of AWS provider to `v5.0` to support * fix: Replace dynamic DNS suffix for `sts:AssumeRole` API calls for static suffix * feat: Add module tag * feat: Align Karpenter permissions with Karpenter v1beta1/v0.32 permissions from upstream * refactor: Move `aws-auth` ConfigMap functionality to its own sub-module * chore: Update examples * feat: Add state `moved` block for Karpenter Pod Identity role re-name * fix: Correct variable `create` description * feat: Add support for cluster access entries * chore: Bump MSV of Terraform to `1.3` * fix: Replace defunct kubectl provider with an updated forked equivalent * chore: Update and validate examples for access entry; clean up provider usage * docs: Correct double redundant variable descriptions * feat: Add support for Cloudwatch log group class argument * fix: Update usage tag placement, fix Karpenter event spelling, add upcoming changes section to upgrade guide * feat: Update Karpenter module to generalize naming used and align policy with the upstream Karpenter policy * feat: Add native support for Windows based managed nodegroups similar to AL2 and Bottlerocket * feat: Update self-managed nodegroup module to use latest features of ASG * docs: Update and simplify docs * fix: Correct variable description for AMI types * fix: Update upgrade guide with changes; rename Karpenter controller resource names to support migrating for users * docs: Complete upgrade guide docs for migration and changes applied * Update examples/karpenter/README.md Co-authored-by: Anton Babenko <anton@antonbabenko.com> * Update examples/outposts/README.md Co-authored-by: Anton Babenko <anton@antonbabenko.com> * Update modules/karpenter/README.md Co-authored-by: Anton Babenko <anton@antonbabenko.com> --------- Co-authored-by: Anton Babenko <anton@antonbabenko.com>
################################################################################
# aws-auth configmap
################################################################################
locals {
  # Payload written to the `aws-auth` ConfigMap. Each key holds a YAML-encoded
  # string produced from the matching input variable, and both
  # `kubernetes_config_map.aws_auth` and `kubernetes_config_map_v1_data.aws_auth`
  # read this one local so they always carry the same content.
  #
  # Security note: these three lists are the IAM-to-Kubernetes identity
  # mappings for the cluster. A role or user mapped to a group such as
  # `system:masters` is a cluster administrator, and every account ID in
  # `mapAccounts` maps the IAM identities of that whole account to Kubernetes
  # usernames. Treat any change to the source variables as a privileged change
  # and review it accordingly.
  aws_auth_configmap_data = {
    mapRoles    = yamlencode(var.aws_auth_roles)
    mapUsers    = yamlencode(var.aws_auth_users)
    mapAccounts = yamlencode(var.aws_auth_accounts)
  }
}
resource "kubernetes_config_map" "aws_auth" {
  # Created only when the module-wide `create` switch and
  # `create_aws_auth_configmap` are both true, i.e. for clusters where the
  # ConfigMap does not exist yet.
  count = var.create && var.create_aws_auth_configmap ? 1 : 0

  metadata {
    namespace = "kube-system"
    name      = "aws-auth"
  }

  # Seed content for the initial create.
  data = local.aws_auth_configmap_data

  lifecycle {
    # Once the object exists, this resource no longer reconciles its data,
    # labels or annotations; ongoing content is owned by
    # `kubernetes_config_map_v1_data.aws_auth`.
    #
    # Caveat: that second resource is gated by a separate flag
    # (`manage_aws_auth_configmap`). If only the create flag is set, later
    # changes to the mapping variables are not applied and out-of-band edits to
    # the ConfigMap do not show up in `terraform plan`, so access drift has to
    # be detected by other means (for example Kubernetes audit logs).
    ignore_changes = [data, metadata[0].labels, metadata[0].annotations]
  }
}
resource "kubernetes_config_map_v1_data" "aws_auth" {
  # Enabled only when the module-wide `create` switch and
  # `manage_aws_auth_configmap` are both true.
  count = var.create && var.manage_aws_auth_configmap ? 1 : 0

  metadata {
    namespace = "kube-system"
    name      = "aws-auth"
  }

  # Same payload that seeds `kubernetes_config_map.aws_auth`.
  data = local.aws_auth_configmap_data

  # Take ownership of the data fields even when another field manager already
  # holds them, instead of failing on the conflict.
  #
  # NOTE(review): the `mapRoles`, `mapUsers` and `mapAccounts` keys are written
  # wholesale from the input variables, so mappings that exist in the cluster
  # but are missing from those variables (for example node IAM roles added by
  # other tooling) are presumably replaced on apply. Confirm every required
  # mapping is listed before applying, and review the plan output for this
  # resource as an access-control change.
  force = true

  depends_on = [
    # When the ConfigMap is created by this module, wait for it so the data
    # write does not race the create.
    kubernetes_config_map.aws_auth,
  ]
}