main.tf
// Identity mappings that are rendered into the aws-auth ConfigMap.
locals {
  // Worker-node instance role. The username template and the two groups are
  // what allow kubelets to join the cluster as nodes, so var.nodes_role should
  // be assumable only by the node instances themselves.
  roles = [
    {
      rolearn  = var.nodes_role
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]

  // One entry per ARN in var.master_roles, each bound to system:masters.
  // system:masters is the built-in superuser group: its members are not
  // constrained by RBAC, so this access cannot be narrowed later with role
  // bindings. Keep the input list as short as possible.
  // The username is the role ARN itself, so every session of a given role
  // shares one Kubernetes username.
  master_roles = [
    for arn in var.master_roles : {
      rolearn  = arn
      username = arn
      groups   = ["system:masters"]
    }
  ]

  // One entry per object in var.master_users (reads .arn and .username),
  // also bound to system:masters; the same caveat as for master_roles applies.
  users = [
    for u in var.master_users : {
      userarn  = u.arn
      username = u.username
      groups   = ["system:masters"]
    }
  ]
}
// Publishes the IAM-to-Kubernetes identity mappings built in the locals.
// Anyone who can edit this ConfigMap can map an IAM identity to
// system:masters, so write access to it is equivalent to cluster-admin.
resource "kubernetes_config_map" "aws_auth" {
  metadata {
    // AWS requires this ConfigMap to be called `aws-auth`.
    // Reference: https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
    name      = "aws-auth"
    namespace = "kube-system"

    labels = {
      "app.kubernetes.io/managed-by" = "Terraform"
      "terraform.io/module"          = "github.com/koslib/terraform-aws-eks-auth"
    }
  }

  // NOTE(review): this resource manages the whole ConfigMap, so mappings
  // written by other tooling would presumably be replaced on apply - confirm
  // that nothing else is expected to add entries.
  data = {
    // Node role first, then the system:masters role mappings.
    mapRoles = yamlencode(concat(local.roles, local.master_roles))
    mapUsers = yamlencode(local.users)
  }
}