Skip to content

Commit

Permalink
use rolearn
Browse files Browse the repository at this point in the history 
Signed-off-by: Kaizhe Huang <khuang@aurora.tech>
  • Loading branch information
@Kaizhe @poiana
Kaizhe authored and poiana committed Jul 28, 2021
1 parent 2124022 commit ecbb07e
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 9 deletions.
2 changes: 1 addition & 1 deletion falcosidekick/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Before release 0.1.20, the helm chart can be found in `falcosidekick` [repositor

## 0.3.12

* Add fields `config.aws.accountid` and `config.aws.iamrole`
* Add AWS configuration field `config.aws.rolearn`

## 0.3.11

Expand Down
3 changes: 1 addition & 2 deletions falcosidekick/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,7 @@ The following table lists the main configurable parameters of the Falcosidekick
| `config.stan.checkcert` | check if ssl certificate of the output is valid | `true` | |
| `config.stan.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` |
| `config.aws.accesskeyid` | AWS Access Key Id (optionnal if you use EC2 Instance Profile) | |
| `config.aws.accountid` | AWS Account ID (optionnal if you use EC2 Instance Profile) | |
| `config.aws.iamrole` | AWS IAM role for falcosidekick service account to associate with (optionnal if you use EC2 Instance Profile) | |
| `config.aws.rolearn` | AWS IAM role ARN for falcosidekick service account to associate with (optionnal if you use EC2 Instance Profile) | |
| `config.aws.secretaccesskey` | AWS Secret Access Key (optionnal if you use EC2 Instance Profile) | |
| `config.aws.region` | AWS Region (optionnal if you use EC2 Instance Profile) | |
| `config.aws.cloudwatchlogs.loggroup` | AWS CloudWatch Logs Group name, if not empty, CloudWatch Logs output is enabled | |
Expand Down
6 changes: 2 additions & 4 deletions falcosidekick/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,9 @@ kind: ServiceAccount
metadata:
name: {{ include "falcosidekick.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.config.aws.accountid }}
{{- if .Values.config.aws.iamrole }}
{{- if .Values.config.aws.rolearn }}
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.config.aws.accountid }}:role/{{ .Values.config.aws.iamrole }}
{{- end }}
eks.amazonaws.com/role-arn: {{ .Values.config.aws.rolearn }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "falcosidekick.name" . }}
Expand Down
3 changes: 1 addition & 2 deletions falcosidekick/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,8 +124,7 @@ config:
checkcert: true

aws:
accountid: ""
iamrole: ""
rolearn: ""
accesskeyid: ""
secretaccesskey: ""
region: ""
Expand Down

0 comments on commit ecbb07e

Please sign in to comment.