Skip to content

Commit 88e5220

Browse files
richardcaserichardcase
committed
wip: eks pod identity support
Signed-off-by: Richard Case <[email protected]>
1 parent 244d8e5 commit 88e5220

14 files changed

+27
-1
lines changed

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -412,6 +412,7 @@ Resources:
412412
Statement:
413413
- Action:
414414
- sts:AssumeRole
415+
- sts:TagSession
415416
Effect: Allow
416417
Principal:
417418
Service:
@@ -429,6 +430,7 @@ Resources:
429430
Principal:
430431
Service:
431432
- ec2.amazonaws.com
433+
- pods.eks.amazonaws.com
432434
Version: 2012-10-17
433435
RoleName: controllers.custom-suffix.com
434436
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -412,6 +412,7 @@ Resources:
412412
Statement:
413413
- Action:
414414
- sts:AssumeRole
415+
- sts:TagSession
415416
Effect: Allow
416417
Principal:
417418
Service:
@@ -429,6 +430,7 @@ Resources:
429430
Principal:
430431
Service:
431432
- ec2.amazonaws.com
433+
- pods.eks.amazonaws.com
432434
Version: 2012-10-17
433435
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
434436
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -425,6 +425,7 @@ Resources:
425425
Statement:
426426
- Action:
427427
- sts:AssumeRole
428+
- sts:TagSession
428429
Effect: Allow
429430
Principal:
430431
Service:
@@ -442,6 +443,7 @@ Resources:
442443
Principal:
443444
Service:
444445
- ec2.amazonaws.com
446+
- pods.eks.amazonaws.com
445447
Version: 2012-10-17
446448
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
447449
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -417,6 +417,7 @@ Resources:
417417
Statement:
418418
- Action:
419419
- sts:AssumeRole
420+
- sts:TagSession
420421
Effect: Allow
421422
Principal:
422423
Service:
@@ -434,6 +435,7 @@ Resources:
434435
Principal:
435436
Service:
436437
- ec2.amazonaws.com
438+
- pods.eks.amazonaws.com
437439
Version: 2012-10-17
438440
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
439441
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -420,6 +420,7 @@ Resources:
420420
Statement:
421421
- Action:
422422
- sts:AssumeRole
423+
- sts:TagSession
423424
Effect: Allow
424425
Principal:
425426
Service:
@@ -437,6 +438,7 @@ Resources:
437438
Principal:
438439
Service:
439440
- ec2.amazonaws.com
441+
- pods.eks.amazonaws.com
440442
Version: 2012-10-17
441443
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
442444
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -420,6 +420,7 @@ Resources:
420420
Statement:
421421
- Action:
422422
- sts:AssumeRole
423+
- sts:TagSession
423424
Effect: Allow
424425
Principal:
425426
Service:
@@ -437,6 +438,7 @@ Resources:
437438
Principal:
438439
Service:
439440
- ec2.amazonaws.com
441+
- pods.eks.amazonaws.com
440442
Version: 2012-10-17
441443
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
442444
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -412,6 +412,7 @@ Resources:
412412
Statement:
413413
- Action:
414414
- sts:AssumeRole
415+
- sts:TagSession
415416
Effect: Allow
416417
Principal:
417418
Service:
@@ -429,6 +430,7 @@ Resources:
429430
Principal:
430431
Service:
431432
- ec2.amazonaws.com
433+
- pods.eks.amazonaws.com
432434
Version: 2012-10-17
433435
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
434436
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -432,6 +432,7 @@ Resources:
432432
Statement:
433433
- Action:
434434
- sts:AssumeRole
435+
- sts:TagSession
435436
Effect: Allow
436437
Principal:
437438
Service:
@@ -449,6 +450,7 @@ Resources:
449450
Principal:
450451
Service:
451452
- ec2.amazonaws.com
453+
- pods.eks.amazonaws.com
452454
Version: 2012-10-17
453455
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
454456
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -412,6 +412,7 @@ Resources:
412412
Statement:
413413
- Action:
414414
- sts:AssumeRole
415+
- sts:TagSession
415416
Effect: Allow
416417
Principal:
417418
Service:
@@ -429,6 +430,7 @@ Resources:
429430
Principal:
430431
Service:
431432
- ec2.amazonaws.com
433+
- pods.eks.amazonaws.com
432434
Version: 2012-10-17
433435
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
434436
Type: AWS::IAM::Role

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -412,6 +412,7 @@ Resources:
412412
Statement:
413413
- Action:
414414
- sts:AssumeRole
415+
- sts:TagSession
415416
Effect: Allow
416417
Principal:
417418
Service:
@@ -429,6 +430,7 @@ Resources:
429430
Principal:
430431
Service:
431432
- ec2.amazonaws.com
433+
- pods.eks.amazonaws.com
432434
Version: 2012-10-17
433435
RoleName: controllers.cluster-api-provider-aws.sigs.k8s.io
434436
Type: AWS::IAM::Role

0 commit comments

Comments
 (0)