{{- if .Values.api.awsIamAuth.enabled }}
apiVersion: iamauthenticator.k8s.aws/v1alpha1
kind: IAMIdentityMapping
metadata:
  name: kubezero-worker-nodes
spec:
  arn: {{ .Values.api.awsIamAuth.workerNodeRole }}
  username: system:node:{{ "{{" }}EC2PrivateDNSName{{ "}}" }}
  groups:
  - system:bootstrappers:kubeadm:default-node-token
---

# Admin Role for remote access
apiVersion: iamauthenticator.k8s.aws/v1alpha1
kind: IAMIdentityMapping
metadata:
  name: kubernetes-admin
spec:
  arn: {{ .Values.api.awsIamAuth.kubeAdminRole }}
  username: kubernetes-admin
  groups:
  - system:masters
{{- end }}