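{{- if eq .Values.platform "aws" }}
# IAM role -> Kubernetes identity mappings (aws-iam-authenticator CRD),
# rendered only when the chart's platform value is "aws".
#
# SECURITY NOTE(review): all three mappings below place their IAM role in
# "system:masters". The API server grants that group unrestricted access
# itself; it cannot be narrowed or revoked through RBAC. Every principal able
# to assume one of these roles is therefore a full cluster admin, so the IAM
# trust policies on the roles are the effective access control.
#
# The ARNs are piped through `quote` so the rendered value is always a YAML
# string, whatever the supplied value looks like.

# Controller role: effectively cluster-admin once enrolled.
apiVersion: iamauthenticator.k8s.aws/v1alpha1
kind: IAMIdentityMapping
metadata:
  name: kubezero-controllers
spec:
  arn: {{ .Values.ControllerIamRole | quote }}
  username: kubezero-controller
  groups:
    - system:masters

---
# Worker role, used e.g. by a node to delete its former self.
# NOTE(review): system:masters is far broader than that task needs.
# Presumably this is the role worker nodes run with; if so, anything that can
# obtain a node's role credentials gains cluster-admin. Consider a dedicated
# group bound to a narrowly scoped ClusterRole - TODO confirm the permissions
# workers actually require before changing the group.
apiVersion: iamauthenticator.k8s.aws/v1alpha1
kind: IAMIdentityMapping
metadata:
  name: kubezero-workers
spec:
  arn: {{ .Values.WorkerIamRole | quote }}
  username: kubezero-worker
  groups:
    - system:masters

---
# Admin role for remote access.
# NOTE(review): keep the set of principals allowed to assume this role small
# and audited; membership in system:masters is not limited by RBAC.
apiVersion: iamauthenticator.k8s.aws/v1alpha1
kind: IAMIdentityMapping
metadata:
  name: kubernetes-admin
spec:
  arn: {{ .Values.kubeAdminRole | quote }}
  username: kubernetes-admin
  groups:
    - system:masters
{{- end }}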