
Commit 74ff835

author
Martin Linkhorst
committed
remove old trust relationship template variable
1 parent ff8308f commit 74ff835


3 files changed

+0
-28
lines changed


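--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -1269,8 +1269,6 @@ eks_zalando_iam_aws_proxy_hpa_max_replicas: "10"
 eks_zalando_iam_aws_proxy_hpa_cpu_target: "80"
 eks_zalando_iam_aws_proxy_hpa_memory_target: "80"
 eks_okta_identity_provider: "true"
-eks_legacy_cluster_local_id: "kube-1"
-eks_oidc_issuer_url: "https://"
 eks_fis_support_enabled: "false"
 eks_fis_namespaces: "default"
 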

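--- a/cluster/manifests/deployment-service/01-config.yaml
+++ b/cluster/manifests/deployment-service/01-config.yaml
@@ -16,31 +16,6 @@ data:
 oidc-provider-arn: "{{.Cluster.OIDCProviderARN}}"
 oidc-subject-key: "{{.Cluster.OIDCSubjectKey}}"
 iam-role-trust-relationship-template: '{{.Cluster.IAMRoleTrustRelationshipTemplate}}'
-{{- if eq .Cluster.Provider "zalando-eks" }}
-{{ $oidc_issuer_aws := printf "%s.%s" .Cluster.ConfigItems.eks_legacy_cluster_local_id .Values.hosted_zone }}
-{{ $oidc_issuer_eks := index (split .Cluster.ConfigItems.eks_oidc_issuer_url "//") 1 }}
-{{ $oidc_provider_arn_aws := printf "arn:aws:iam::%s:oidc-provider/%s" (accountID .Cluster.InfrastructureAccount) $oidc_issuer_aws }}
-{{ $oidc_provider_arn_eks := printf "arn:aws:iam::%s:oidc-provider/%s" (accountID .Cluster.InfrastructureAccount) $oidc_issuer_eks }}
-{{ $oidc_subject_key_aws := printf "%s:sub" $oidc_issuer_aws }}
-{{ $oidc_subject_key_eks := printf "%s:sub" $oidc_issuer_eks }}
-{{- if ne .Cluster.ConfigItems.eks_legacy_cluster_local_id "" }}
-oidc-trust-relationship-template: '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":"{{$oidc_provider_arn_aws}}"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringLike":{"{{$oidc_subject_key_aws}}":"system:serviceaccount:${SERVICE_ACCOUNT}"}}},{"Effect":"Allow","Principal":{"Federated":"{{$oidc_provider_arn_eks}}"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringLike":{"{{$oidc_subject_key_eks}}":"system:serviceaccount:${SERVICE_ACCOUNT}"}}}]}'
-{{- else }}
-oidc-trust-relationship-template: '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":"{{$oidc_provider_arn_eks}}"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringLike":{"{{$oidc_subject_key_eks}}":"system:serviceaccount:${SERVICE_ACCOUNT}"}}}]}'
-{{- end }}
-{{- else }}
-{{ $oidc_issuer_aws := printf "%s.%s" .Cluster.LocalID .Values.hosted_zone }}
-{{ $oidc_issuer_eks := index (split .Cluster.ConfigItems.eks_oidc_issuer_url "//") 1 }}
-{{ $oidc_provider_arn_aws := printf "arn:aws:iam::%s:oidc-provider/%s" (accountID .Cluster.InfrastructureAccount) $oidc_issuer_aws }}
-{{ $oidc_provider_arn_eks := printf "arn:aws:iam::%s:oidc-provider/%s" (accountID .Cluster.InfrastructureAccount) $oidc_issuer_eks }}
-{{ $oidc_subject_key_aws := printf "%s:sub" $oidc_issuer_aws }}
-{{ $oidc_subject_key_eks := printf "%s:sub" $oidc_issuer_eks }}
-{{- if ne $oidc_issuer_eks "" }}
-oidc-trust-relationship-template: '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":"{{$oidc_provider_arn_aws}}"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringLike":{"{{$oidc_subject_key_aws}}":"system:serviceaccount:${SERVICE_ACCOUNT}"}}},{"Effect":"Allow","Principal":{"Federated":"{{$oidc_provider_arn_eks}}"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringLike":{"{{$oidc_subject_key_eks}}":"system:serviceaccount:${SERVICE_ACCOUNT}"}}}]}'
-{{- else }}
-oidc-trust-relationship-template: '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":"{{$oidc_provider_arn_aws}}"},"Action":"sts:AssumeRoleWithWebIdentity","Condition":{"StringLike":{"{{$oidc_subject_key_aws}}":"system:serviceaccount:${SERVICE_ACCOUNT}"}}}]}'
-{{- end }}
-{{- end }}
 s3-bucket-name: "{{ .Cluster.ConfigItems.deployment_service_bucket_name }}"
 status-service-url: "https://depl-status-{{.Cluster.Alias}}.{{.Values.hosted_zone}}"
 status-service-url-local: "http://deployment-status-service.ingress.cluster.local."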

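--- a/test/e2e/cluster_config.sh
+++ b/test/e2e/cluster_config.sh
@@ -46,7 +46,6 @@ clusters:
 okta_auth_client_id: "kubernetes.cluster.teapot-e2e"
 teapot_admission_controller_validate_pod_images_soft_fail_namespaces: "^kube-system$"
 eks_okta_identity_provider: "false" # disabled to speed up EKS cluster creation for e2e.
-eks_legacy_cluster_local_id: "e2e-${CDP_BUILD_VERSION}-aws"
 skipper_open_policy_agent_enabled: "${SKIPPER_OPA_ENABLED}"
 skipper_open_policy_agent_styra_token: "${STYRA_TOKEN}"
 skipper_open_policy_agent_bucket_arn: "${SKIPPER_OPA_BUCKET_ARN}"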
