# IMPORTANT: This file is synced with the "terraform-aws-eks-universal-addon" template. Any changes to this file might be overwritten upon the next release of the template.
# Cluster OIDC provider inputs; both descriptions mark them as required for IRSA.
# The declared default is null while the description advertises `""`; the
# effective default is presumably resolved elsewhere in the module (confirm).
variable "cluster_identity_oidc_issuer" {
  description = "The OIDC Identity issuer for the cluster (required for IRSA). Defaults to `\"\"`."
  type        = string
  default     = null
}

# NOTE(review): this ARN presumably becomes the federated principal of the IRSA
# role trust policy, so it must be the provider of the intended cluster. A role
# that trusts another cluster's provider is assumable from that cluster.
variable "cluster_identity_oidc_issuer_arn" {
  description = "The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a Service Account (required for IRSA). Defaults to `\"\"`."
  type        = string
  default     = null
}
# Toggles and identity of the Kubernetes-side objects. Every default is null;
# the values named in the descriptions are presumably applied elsewhere in the
# module (confirm).
variable "rbac_create" {
  description = "Whether to create and use RBAC resources. Defaults to `true`."
  type        = bool
  default     = null
}

variable "service_account_create" {
  description = "Whether to create Service Account. Defaults to `true`."
  type        = bool
  default     = null
}

# Name and namespace identify the Service Account that the IRSA trust condition
# is built from, unless `irsa_assume_role_policy_condition_values` is set (see
# that variable's description).
variable "service_account_name" {
  description = "The Kubernetes Service Account name. Defaults to `\"\"`."
  type        = string
  default     = null
}

variable "service_account_namespace" {
  description = "The Kubernetes Service Account namespace. Defaults to `\"\"`."
  type        = string
  default     = null
}
# Creation switch and naming of the IRSA IAM role.
variable "irsa_role_create" {
  description = "Whether to create IRSA role and annotate Service Account. Defaults to `true`."
  type        = bool
  default     = null
}

# Per the descriptions, at least one of prefix / name must be provided and the
# final role name is the prefix followed by the name. Nothing in this file
# enforces that requirement; presumably it is checked where the role is built.
variable "irsa_role_name_prefix" {
  description = "IRSA role name prefix. Either `irsa_role_name_prefix` or `irsa_role_name` must be set. Defaults to `\"\"`."
  type        = string
  default     = null
}

variable "irsa_role_name" {
  description = "IRSA role name. The value is prefixed by `irsa_role_name_prefix`. Either `irsa_role_name` or `irsa_role_name_prefix` must be set. Defaults to `\"\"`."
  type        = string
  default     = null
}
# Extra statements merged into the IRSA role trust policy, keyed by SID.
# Security: every statement added here is another principal (or condition set)
# allowed to assume the role, so callers should keep principals specific and
# conditions tight. The `map(any)` type puts no constraint on the statement
# shape, so a malformed or overly broad statement is not rejected at this level.
variable "irsa_role_additional_trust_policies" {
  description = "Map of additional trust policy statements to attach to the IRSA role where map key is a statement SID and value is a statement object. Defaults to `{}`."
  type        = map(any)
  default     = null
}
# Inline-policy switch: per the description of `irsa_policy`, the document is
# only applied when this flag is true.
variable "irsa_policy_enabled" {
  description = "Whether to create IAM policy specified by `irsa_policy`. Defaults to `false`."
  type        = bool
  default     = null
}

# Raw IAM policy JSON passed as a string; this declaration does not validate it.
# Callers are better served generating it with `jsonencode()` or an
# `aws_iam_policy_document` data source, and scoping actions and resources to
# what the addon actually needs instead of wildcards.
variable "irsa_policy" {
  description = "AWS IAM policy JSON document to be attached to the IRSA role. Applied only if `irsa_policy_enabled` is `true`. Defaults to `\"\"`."
  type        = string
  default     = null
}
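# Switch for letting the IRSA role assume further roles. The description
# previously pointed at `irsa_assume_role_arn`, which is not declared in this
# file; the variable that holds the targets is `irsa_assume_role_arns`.
variable "irsa_assume_role_enabled" {
  description = "Whether IRSA is allowed to assume role defined by `irsa_assume_role_arns`. Defaults to `false`."
  type        = bool
  default     = null
}

# Target roles for role chaining. Security: each ARN listed extends what the
# workload can reach, so list exact role ARNs only. The target role's own trust
# policy must also allow the IRSA role before the chain works.
variable "irsa_assume_role_arns" {
  description = "List of ARNs assumable by the IRSA role. Applied only if `irsa_assume_role_enabled` is `true`. Defaults to `[]`."
  type        = list(string)
  default     = null
}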
# Permissions boundary for the IRSA role. A boundary caps the effective
# permissions of the role regardless of the policies attached to it, which
# makes it a useful guard when `irsa_policy` or `irsa_additional_policies` are
# supplied by module consumers.
variable "irsa_permissions_boundary" {
  description = "ARN of the policy that is used to set the permissions boundary for the IRSA role. Defaults to `null`."
  type        = string
  default     = null
}

# Extra managed policies attached by ARN; the map key is only an identifier.
# Each attachment widens the role, so review the referenced policies rather
# than the keys.
variable "irsa_additional_policies" {
  description = "Map of the additional policies to be attached to IRSA role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`."
  type        = map(string)
  default     = null
}

variable "irsa_tags" {
  description = "IRSA resources tags. Defaults to `{}`."
  type        = map(string)
  default     = null
}
# Operator used in the trust-policy condition of the IRSA role.
# Security: `StringEquals` (the documented default) pins the role to the exact
# subjects listed. Switching to a pattern operator such as `StringLike` makes
# wildcards in the values effective and can open the role to every matching
# Service Account, so any override deserves review. No validation restricts
# the accepted operators here.
variable "irsa_assume_role_policy_condition_test" {
  description = "Specifies the condition test to use for the assume role trust policy. Defaults to `StringEquals`."
  type        = string
  default     = null
}

# Subjects accepted by the trust-policy condition. Per the description, setting
# this list replaces the single default subject and `service_account_name` /
# `service_account_namespace` are then ignored, so every entry is a Service
# Account allowed to assume the role. The documented
# `system:serviceaccount:<namespace>:<name>` format is not enforced by this
# declaration.
variable "irsa_assume_role_policy_condition_values" {
  description = "Specifies the values for the assume role trust policy condition. Each entry in this list must follow the required format `system:serviceaccount:$service_account_namespace:$service_account_name`. If this variable is left as the default, `local.irsa_assume_role_policy_condition_values_default` is used instead, which is a list containing a single value. Note that if this list is defined, the `service_account_name` and `service_account_namespace` variables are ignored. Defaults to `[]`."
  type        = list(string)
  default     = null
}
# Cluster name; the description marks it as required for Pod Identity.
variable "cluster_name" {
  description = "The name of the cluster (required for Pod Identity). Defaults to `\"\"`."
  type        = string
  default     = null
}

# NOTE(review): the description mentions annotating the Service Account. EKS
# Pod Identity binds a role through a pod identity association rather than a
# Service Account annotation, so this wording may have been carried over from
# `irsa_role_create` (confirm against the module).
variable "pod_identity_role_create" {
  description = "Whether to create Pod Identity role and annotate Service Account. Defaults to `false`."
  type        = bool
  default     = null
}

# Per the descriptions, at least one of prefix / name must be provided and the
# final role name is the prefix followed by the name. Nothing in this file
# enforces that requirement.
variable "pod_identity_role_name_prefix" {
  description = "Pod identity role name prefix. Either `pod_identity_role_name_prefix` or `pod_identity_role_name` must be set. Defaults to `\"\"`."
  type        = string
  default     = null
}

variable "pod_identity_role_name" {
  description = "Pod identity role name. The value is prefixed by `pod_identity_role_name_prefix`. Either `pod_identity_role_name` or `pod_identity_role_name_prefix` must be set. Defaults to `\"\"`."
  type        = string
  default     = null
}
# Extra statements merged into the Pod Identity role trust policy, keyed by SID.
# Security: each statement is an additional way to assume the role, so keep
# principals specific and conditions tight. `map(any)` does not constrain the
# statement shape, so nothing is rejected at this level.
variable "pod_identity_role_additional_trust_policies" {
  description = "Additional trust policy statements to attach to the Pod Identity role where map key is a statement SID and value is a statement object. Defaults to `{}`."
  type        = map(any)
  default     = null
}
# Inline-policy switch: per the description of `pod_identity_policy`, the
# document is only applied when this flag is true.
variable "pod_identity_policy_enabled" {
  description = "Whether to create IAM policy specified by `pod_identity_policy`. Defaults to `false`."
  type        = bool
  default     = null
}

# Raw IAM policy JSON passed as a string; this declaration does not validate it.
# Prefer generating it with `jsonencode()` or an `aws_iam_policy_document` data
# source, with actions and resources scoped to what the addon needs.
variable "pod_identity_policy" {
  description = "AWS IAM policy JSON document to be attached to the Pod Identity role. Applied only if `pod_identity_policy_enabled` is `true`. Defaults to `\"\"`."
  type        = string
  default     = null
}

# A permissions boundary caps the effective permissions of the role regardless
# of the policies attached to it.
variable "pod_identity_permissions_boundary" {
  description = "ARN of the policy that is used to set the permissions boundary for the Pod Identity role. Defaults to `null`."
  type        = string
  default     = null
}

# Extra managed policies attached by ARN; the map key is only an identifier.
variable "pod_identity_additional_policies" {
  description = "Map of the additional policies to be attached to Pod Identity role. Where key is arbitrary id and value is policy ARN. Defaults to `{}`."
  type        = map(string)
  default     = null
}

variable "pod_identity_tags" {
  description = "Pod identity resources tags. Defaults to `{}`."
  type        = map(string)
  default     = null
}