37 lines
1.4 KiB
Jsonnet
37 lines
1.4 KiB
Jsonnet
local chart = import '../chart.jsonnet';
|
|
local common = import '../common.jsonnet';
|
|
local deployment_manifest = import '../deployment_manifest.jsonnet';
|
|
local deployment = deployment_manifest.deployment;
|
|
local sourceEnvironment = deployment_manifest.sandboxParams.source.environment;
|
|
local environment = deployment_manifest.environment;
|
|
local full_name = chart.full_service_name(deployment.name);
|
|
local namespace_values = import '../namespace_values.jsonnet';
|
|
|
|
if (deployment_manifest.extraResources != null
|
|
&& 'aws_access' in deployment_manifest.extraResources) then
|
|
if (namespace_values.zalandoEnabled) then {
|
|
apiVersion: 'zalando.org/v1',
|
|
kind: 'AWSIAMRole',
|
|
metadata: {
|
|
name: '%s-%s' % [full_name, environment],
|
|
namespace: deployment_manifest.deployment.namespace,
|
|
annotations: common.annotations,
|
|
},
|
|
spec: {
|
|
roleReference: '%s-%s' % [full_name, sourceEnvironment],
|
|
},
|
|
} else {
|
|
apiVersion: 'v1',
|
|
kind: 'ServiceAccount',
|
|
metadata: {
|
|
annotations: {
|
|
'eks.amazonaws.com/role-arn': 'arn:aws:iam::%s:role/%s-%s' % [namespace_values.awsAccountId, full_name, sourceEnvironment],
|
|
'eks.amazonaws.com/sts-regional-endpoints': 'true',
|
|
'eks.amazonaws.com/token-expiration': '10800',
|
|
},
|
|
name: '%s-%s' % [full_name, environment],
|
|
namespace: deployment_manifest.deployment.namespace,
|
|
},
|
|
}
|
|
else null
|