Skip to content

Commit

Permalink
new(config/cluster): add iam ruole for cluster-autoscaler
Browse files Browse the repository at this point in the history
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
  • Loading branch information
alacuku authored and poiana committed Jul 17, 2024
1 parent 594e58a commit 7e75bc4
Showing 1 changed file with 19 additions and 5 deletions.
24 changes: 19 additions & 5 deletions config/clusters/iam.tf
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,25 @@ resource "aws_iam_policy" "ebs_controller_policy" {
policy = data.aws_iam_policy_document.ebs_controller_policy_doc.json
}

##### Cluster-autoscaler

module "cluster_autoscaler" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
version = "4.1.0"
create_role = true
role_name = "${local.cluster_name}-cluster-autoscaler"
provider_url = replace(module.eks.cluster_oidc_issuer_url, "https://", "")
role_policy_arns = [aws_iam_policy.cluster_autoscaler_policy.arn]
oidc_fully_qualified_subjects = [
"system:serviceaccount:kube-system:cluster-autoscaler",
]
}

resource "aws_iam_policy" "cluster_autoscaler_policy" {
name_prefix = "${local.cluster_name}-cluster-autoscaler"
policy = data.aws_iam_policy_document.cluster_autoscaler_policy_doc.json
}

data "aws_iam_policy_document" "cluster_autoscaler_policy_doc" {
statement {
effect = "Allow"
Expand Down Expand Up @@ -60,11 +79,6 @@ data "aws_iam_policy_document" "cluster_autoscaler_policy_doc" {
}
}

resource "aws_iam_policy" "cluster_autoscaler_policy" {
name_prefix = "${local.cluster_name}-cluster-autoscaler"
policy = data.aws_iam_policy_document.cluster_autoscaler_policy_doc.json
}

##### S3 for Prow uploads

module "iam_assumable_role_admin" {
Expand Down

0 comments on commit 7e75bc4

Please sign in to comment.