From 6d769e3a22f02d2e609c226974b1b85377acf9b7 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Fri, 18 Sep 2020 16:20:45 +0100
Subject: [PATCH] Add kube-system ns annotate to boot flow

---
 deploy/deploy.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index 87bc412..40e3121 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -62,6 +62,9 @@ EOF
     kubectl wait --for=condition=Ready -n kube-system Issuer/kubezero-local-ca-issuer
   fi
 
+  # Make sure kube-system is allowed to kiam
+  kubectl annotate --overwrite namespace kube-system 'iam.amazonaws.com/permitted=.*'
+
   # Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
   helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml
   helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml