From 23024d5440ab22bb0b9d812844bace8c711e2fce Mon Sep 17 00:00:00 2001
From: Srini Nangunuri
Date: Thu, 9 May 2024 10:29:48 -0400
Subject: [PATCH 1/3] Adding cluster admin roles to access EKS clusters using inf-admin-t2 and inf-admin-t3 roles

---
 cluster-admin.tf | 10 ++++++++++
 variables.tf | 18 ++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 cluster-admin.tf

diff --git a/cluster-admin.tf b/cluster-admin.tf
new file mode 100644
index 0000000..1eea3ee
--- /dev/null
+++ b/cluster-admin.tf
@@ -0,0 +1,10 @@
+
+# patch-aws-auth.tf
+module "cluster-admin" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=2.2.0"
+ profile = var.aws_sso_profile
+ region = var.region
+ cluster_name = var.cluster_name
+ aws_auth_roles = var.aws_auth_roles
+ keep_temporary_files = var.keep_temporary_files
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index aabef96..6d58160 100644
--- a/variables.tf
+++ b/variables.tf
@@ -73,6 +73,24 @@ variable "operators_ns" {
 default = "operators"
 }

+variable "aws_auth_roles" {
+ description = "List of role maps to add to the aws-auth configmap"
+ type = list(any)
+ default = []
+}
+
+variable "aws_sso_profile" {
+ description = "sso profile"
+ type = string
+ default = "224384469011-lab-dev-gov.inf-admin-t3"
+}
+
+variable "keep_temporary_files" {
+ description = "whether to keep temp files while creating aws_auth_roles"
+ type = bool
+ default = false
+}
+
 ###################################################################
 # Common variables
 ###################################################################

From 666c27567f60db37dae648cc7e7781c6cd366f27 Mon Sep 17 00:00:00 2001
From: Srini Nangunuri
Date: Thu, 9 May 2024 10:37:32 -0400
Subject: [PATCH 2/3] removed region variable as it's already defined

---
 cluster-admin.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cluster-admin.tf b/cluster-admin.tf
index 1eea3ee..7e1a889 100644
--- a/cluster-admin.tf
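Review bot: The module source in the new cluster-admin.tf pins a mutable git tag (`?ref=2.2.0`), so anyone who can move that tag in terraform-modules/aws-eks changes what gets written to the cluster's aws-auth configmap on the next apply; because this module edits the cluster's admin mapping, pinning the full commit SHA behind the tag (`?ref=<commit-sha-of-2.2.0>`) with the tag name kept in a comment is the safer supply-chain default. The `# patch-aws-auth.tf` header names the submodule rather than this file and reads as a stale filename; `# Patches the aws-auth configmap with the role maps in var.aws_auth_roles (aws-eks//patch-aws-auth)` would say what the block does. The file is also created without a trailing newline.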
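Review bot: `aws_auth_roles` is typed `list(any)`, so a misspelled key or a missing `groups` in an entry is not rejected at plan time and reaches the aws-auth configmap, where a malformed mapping can lock operators out of the cluster; a typed `list(object({ rolearn = string, aws_rolename = string, username = string, groups = list(string) }))` would fail the plan instead, with the key set matched to whatever patch-aws-auth actually reads (its inputs are not in this patch). The `aws_sso_profile` default bakes the account number and the `inf-admin-t3` profile into the module, so an apply that forgets to override it silently runs under that tier-3 admin profile; dropping the default so the caller must supply it keeps the choice explicit. `description = "sso profile"` should also say which profile is meant, e.g. `description = "AWS SSO CLI profile used by the cluster-admin module to patch the aws-auth configmap"`.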
+++ b/cluster-admin.tf
@@ -3,7 +3,6 @@
 module "cluster-admin" {
 source = "git@github.e.it.census.gov:terraform-modules/aws-eks.git//patch-aws-auth?ref=2.2.0"
 profile = var.aws_sso_profile
- region = var.region
 cluster_name = var.cluster_name
 aws_auth_roles = var.aws_auth_roles
 keep_temporary_files = var.keep_temporary_files

From c270c247d1e095b03fba657760cbbfc07eb9d8c7 Mon Sep 17 00:00:00 2001
From: Srini Nangunuri
Date: Thu, 9 May 2024 11:04:10 -0400
Subject: [PATCH 3/3] adding default value to aws_auth_roles

---
 variables.tf | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/variables.tf b/variables.tf
index 6d58160..71eb5cb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -76,7 +76,20 @@ variable "operators_ns" {
 variable "aws_auth_roles" {
 description = "List of role maps to add to the aws-auth configmap"
 type = list(any)
- default = []
+ default = [
+ {
+ rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t3_b200ae7af469cdc8"
+ aws_rolename : ""
+ username : "admin"
+ groups = ["system:masters"]
+ },
+ {
+ rolearn : "arn:aws-us-gov:iam::224384469011:role/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+ aws_rolename : ""
+ username : "admin"
+ groups = ["system:masters"]
+ }
+ ]
 }

 variable "aws_sso_profile" {
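Review bot: The new `default` for `aws_auth_roles` grants `system:masters`, which bypasses Kubernetes RBAC entirely, to both SSO roles on every cluster that instantiates this root module without overriding the variable, so a privileged binding that previously required an explicit input now happens by omission; keeping `default = []` and passing the two role maps from each environment's tfvars keeps the grant explicit and reviewable per cluster, and a narrower group bound by a ClusterRoleBinding is preferable to `system:masters` where the module supports it. Both entries map to `username : "admin"`, so cluster audit-log entries from a t2 and a t3 operator are indistinguishable; aws-iam-authenticator accepts `{{SessionName}}` in the username, e.g. `username : "inf-admin-t3:{{SessionName}}"`, which preserves the SSO session identity in the audit trail. The `_b200ae7af469cdc8` and `_f3912d726991bbfa` suffixes are the permission-set-specific part of an AWSReservedSSO role name and are regenerated if the permission set is recreated, so these ARNs are better looked up via a data source than pinned as defaults. The object literals also mix `:` and `=` (`rolearn :` vs `groups =`); one form throughout reads better.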