
Commit 6c20d7a

authored
Merge pull request #9633 from zalando-incubator/deployment-service-role-names
Make deployment-service roles configurable
2 parents 711225b + fb4959d commit 6c20d7a


5 files changed

+12
-9
lines changed


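--- a/cluster/cluster.yaml
+++ b/cluster/cluster.yaml
@@ -1589,7 +1589,7 @@ Resources:
 DeploymentControllerRole:
 Type: AWS::IAM::Role
 Properties:
-RoleName: "{{.Cluster.LocalID}}-deployment-service-controller"
+RoleName: "{{.Cluster.ConfigItems.deployment_service_controller_role_name}}"
 AssumeRolePolicyDocument: !Sub
 - |
 {
@@ -1654,11 +1654,11 @@ Resources:
 - 'sts:AssumeRole'
 Effect: Allow
 Resource:
-- !Sub "arn:aws:iam::${AWS::AccountId}:role/{{.Cluster.LocalID}}-deployment-service-deployment"
+- !Sub "arn:aws:iam::${AWS::AccountId}:role/{{.Cluster.ConfigItems.deployment_service_deployment_role_name}}"
 DeploymentControllerDeploymentRole:
 Type: AWS::IAM::Role
 Properties:
-RoleName: "{{.Cluster.LocalID}}-deployment-service-deployment"
+RoleName: "{{.Cluster.ConfigItems.deployment_service_deployment_role_name}}"
 AssumeRolePolicyDocument:
 Version: "2012-10-17"
 Statement:
@@ -1692,7 +1692,7 @@ Resources:
 DeploymentStatusServiceRole:
 Type: AWS::IAM::Role
 Properties:
-RoleName: "{{.Cluster.LocalID}}-deployment-service-status-service"
+RoleName: "{{.Cluster.ConfigItems.deployment_service_status_service_role_name}}"
 AssumeRolePolicyDocument: !Sub
 - |
 {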
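Review bot: The `sts:AssumeRole` `Resource` at new line 1657 now takes its scope from the config item `deployment_service_deployment_role_name`, so an override containing `*` would widen which roles the controller may assume, and an empty one would leave the statement matching no role. Since `DeploymentControllerDeploymentRole` is created in the same template, the statement could reference it directly with `- !GetAtt DeploymentControllerDeploymentRole.Arn`, which keeps the permission bound to the role this stack creates whatever name is configured. That only works if the deployment role's trust policy, which lies outside this hunk, does not already reference the controller role through the stack; otherwise CloudFormation would report a circular dependency. The value is also expanded inside `!Sub`, so a configured name containing `${` would be read as a substitution variable.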

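--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -1040,6 +1040,9 @@ deployment_service_tokeninfo_url: ""
 deployment_service_lightstep_token: ""
 deployment_service_ml_experiments_enabled: "true"
 deployment_service_ml_experiments_role_name: "{{ .Cluster.LocalID }}-deployment-service-ml-experiment-deployment"
+deployment_service_controller_role_name: "{{ .Cluster.LocalID }}-deployment-service-controller"
+deployment_service_deployment_role_name: "{{ .Cluster.LocalID }}-deployment-service-deployment"
+deployment_service_status_service_role_name: "{{ .Cluster.LocalID }}-deployment-service-status-service"
 deployment_service_cf_auto_expand_enabled: "false"
 deployment_service_cf_update_source_branch_changes: "true"
 deployment_service_executor_cdp_permissions: "false"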
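Review bot: The three new items at new lines 1043-1045 carry no comment, although their values end up as IAM `RoleName` properties and inside IAM role ARNs in the other files of this commit. I would add a comment above them such as `# IAM role names for deployment-service; used as RoleName in cluster.yaml and in role ARNs in the deployment-service manifests. Overrides must be plain role names (no wildcards, at most 64 characters).` The neighbouring `deployment_service_ml_experiments_role_name` is used the same way in `01-config.yaml` and would be covered by the same comment.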

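--- a/cluster/manifests/deployment-service/01-config.yaml
+++ b/cluster/manifests/deployment-service/01-config.yaml
@@ -19,7 +19,7 @@ data:
 s3-bucket-name: "{{ .Cluster.ConfigItems.deployment_service_bucket_name }}"
 status-service-url: "https://depl-status-{{.Cluster.Alias}}.{{.Values.hosted_zone}}"
 status-service-url-local: "http://deployment-status-service.ingress.cluster.local."
-deployment-role-arn: "arn:aws:iam::{{accountID .Cluster.InfrastructureAccount}}:role/{{.Cluster.LocalID}}-deployment-service-deployment"
+deployment-role-arn: "arn:aws:iam::{{accountID .Cluster.InfrastructureAccount}}:role/{{.Cluster.ConfigItems.deployment_service_deployment_role_name}}"
 {{- if eq .Cluster.ConfigItems.deployment_service_ml_experiments_enabled "true"}}
 ml-experiment-deployment-role-arn: "arn:aws:iam::{{accountID .Cluster.InfrastructureAccount}}:role/{{ .Cluster.ConfigItems.deployment_service_ml_experiments_role_name }}"
 {{- end }}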

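--- a/cluster/manifests/deployment-service/controller-rbac.yaml
+++ b/cluster/manifests/deployment-service/controller-rbac.yaml
@@ -8,9 +8,9 @@ metadata:
 component: "controller"
 annotations:
 {{- if eq .Cluster.Provider "zalando-eks" }}
-eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{.Cluster.LocalID}}-deployment-service-controller"
+eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{.Cluster.ConfigItems.deployment_service_controller_role_name}}"
 {{- else }}
-iam.amazonaws.com/role: "{{.Cluster.LocalID}}-deployment-service-controller"
+iam.amazonaws.com/role: "{{.Cluster.ConfigItems.deployment_service_controller_role_name}}"
 {{- end }}
 ---
 kind: ClusterRole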

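--- a/cluster/manifests/deployment-service/status-service-rbac.yaml
+++ b/cluster/manifests/deployment-service/status-service-rbac.yaml
@@ -8,9 +8,9 @@ metadata:
 component: "status-service"
 annotations:
 {{- if eq .Cluster.Provider "zalando-eks" }}
-eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{.Cluster.LocalID}}-deployment-service-status-service"
+eks.amazonaws.com/role-arn: "arn:aws:iam::{{.Cluster.InfrastructureAccount | getAWSAccountID}}:role/{{.Cluster.ConfigItems.deployment_service_status_service_role_name}}"
 {{- else }}
-iam.amazonaws.com/role: "{{.Cluster.LocalID}}-deployment-service-status-service"
+iam.amazonaws.com/role: "{{.Cluster.ConfigItems.deployment_service_status_service_role_name}}"
 {{- end }}
 ---
 kind: ClusterRole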
