Commit

update
badra001 committed Oct 14, 2021
1 parent 4d0b2d7 commit 27b0ad8
Showing 2 changed files with 44 additions and 5 deletions.
27 changes: 22 additions & 5 deletions patch-aws-auth/README.md
@@ -1,7 +1,29 @@
# About patch-aws-auth

This allows to add IAM roles and IAM users to the `aws-auth ConfigMap`, to tie IAM resources into
Kubernetes (k8s) users and group permissions.

You pass an array of ConfigMap objects for IAM users and IAM roles.

# Configuration
## User ConfigMap Entry

| Name | Description |
|------|-------------|
| userarn | ARN of IAM user. This is calculated from the `aws_username` if empty |
| aws\_username | If present, lookup the ARN for this user and populate the `userarn` variable above |
| username | The Kubernetes user to map this IAM user into |
| groups | A list of Kubernetes groups (defined through RoleBinding) to assign to the IAM user |

## Role ConfigMap Entry

| Name | Description |
|------|-------------|
| rolearn | ARN of IAM role. This is calculated from the `aws_rolename` if empty |
| aws\_rolename | If present, lookup the ARN for this role and populate the `rolearn` variable above |
| username | The Kubernetes user to map this IAM user into |
| groups | A list of Kubernetes groups (defined through RoleBinding) to assign to the IAM user |

# Example variable usage

```hcl
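Review bot: In the "Role ConfigMap Entry" table the `username` and `groups` rows were copied from the user table and still say "map this IAM user into" and "assign to the IAM user"; both should say "IAM role", since readers use this table to decide which principal receives which Kubernetes groups. In both tables, "groups (defined through RoleBinding)" would be more accurate as groups referenced as subjects by a RoleBinding or ClusterRoleBinding, and it would help to say that the listed groups are granted as-is, with no check that a binding exists for them.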
@@ -82,12 +104,7 @@ No modules.
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | `null` | no |
| <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The EKS Kubernetes version number, see https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html | `string` | `"1.21"` | no |
| <a name="input_domain"></a> [domain](#input\_domain) | The DNS domain name of the cluster. Defaults to empty which causes the sample application to use the domain assigned to the load balancer of the istio ingress gateway. | `string` | `""` | no |
| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | EKS worker node instance type (default: t3.xlarge) | `string` | `"t3.xlarge"` | no |
| <a name="input_keep_temporary_files"></a> [keep\_temporary\_files](#input\_keep\_temporary\_files) | This module creates temporary files in setup/patch-aws-auth.TIMESTAMP.*. This flag determines whether to keep or remove them (default: false) | `bool` | `false` | no |
| <a name="input_nodegroup_desired_size"></a> [nodegroup\_desired\_size](#input\_nodegroup\_desired\_size) | EKS Nodegroup desire size (default: 1) | `number` | `1` | no |
| <a name="input_nodegroup_instance_disk_size"></a> [nodegroup\_instance\_disk\_size](#input\_nodegroup\_instance\_disk\_size) | The size of EKS nodegroup EBS disk in gigabytes (default: 40) | `number` | `40` | no |
| <a name="input_nodegroup_maximum_size"></a> [nodegroup\_maximum\_size](#input\_nodegroup\_maximum\_size) | EKs Nodegroup maximum size (default: 16) | `number` | `16` | no |
| <a name="input_nodegroup_minumum_size"></a> [nodegroup\_minumum\_size](#input\_nodegroup\_minumum\_size) | EKS Nodegroup minimum size (default: 1) | `number` | `1` | no |
| <a name="input_profile"></a> [profile](#input\_profile) | AWS config profile. This is needed because we call the AWSCLI. | `string` | n/a | yes |
| <a name="input_region"></a> [region](#input\_region) | AWS region (default: pull from current running provider) | `string` | `""` | no |

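Review bot: The `keep_temporary_files` row says the module writes `setup/patch-aws-auth.TIMESTAMP.*` but not what those files contain; if they hold the rendered aws-auth entries, state that in the description and note that setting the flag to `true` leaves the IAM-to-Kubernetes mapping on disk. The rendered view has lost the +/- markers, so the five rows that the header (12 lines to 7) says are dropped cannot be identified here; for any rows that remain, fix "name name" and "through out" in `cluster_name`, "desire size", "EKs", and the misspelled variable `nodegroup_minumum_size`.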
22 changes: 22 additions & 0 deletions patch-aws-auth/main.tf
@@ -1,8 +1,30 @@
/*
* # About patch-aws-auth
*
* This allows to add IAM roles and IAM users to the `aws-auth ConfigMap`, to tie IAM resources into
* Kubernetes (k8s) users and group permissions.
*
* You pass an array of ConfigMap objects for IAM users and IAM roles.
*
* # Configuration
* ## User ConfigMap Entry
*
* | Name | Description |
* |------|-------------|
* | userarn | ARN of IAM user. This is calculated from the `aws_username` if empty |
* | aws_username | If present, lookup the ARN for this user and populate the `userarn` variable above |
* | username | The Kubernetes user to map this IAM user into |
* | groups | A list of Kubernetes groups (defined through RoleBinding) to assign to the IAM user |
*
* ## Role ConfigMap Entry
*
* | Name | Description |
* |------|-------------|
* | rolearn | ARN of IAM role. This is calculated from the `aws_rolename` if empty |
* | aws_rolename | If present, lookup the ARN for this role and populate the `rolearn` variable above |
* | username | The Kubernetes user to map this IAM user into |
* | groups | A list of Kubernetes groups (defined through RoleBinding) to assign to the IAM user |
*
* # Example variable usage
*
* ```hcl
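Review bot: The `userarn`/`aws_username` rows (and likewise `rolearn`/`aws_rolename`) do not say what happens when both fields are set: one row says the ARN "is calculated from the `aws_username` if empty", the other says "If present, lookup the ARN for this user and populate the `userarn` variable above". Because this entry decides which IAM principal is given a Kubernetes identity, the header comment should state which field wins, or that supplying both is rejected, and what happens when the lookup finds no matching user or role. The Role table here also repeats the "IAM user" wording in its `username` and `groups` rows; correct it in this comment as well so it matches the README text.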
