kOps managed OIDC provider is no longer needed for IRSA

It's assumed users will manage the OIDC provider themselves in that case
2022-09-07 07:40:17 +02:00 · 2022-09-07 07:40:17 +02:00 · 36bd9e6ff1
parent 4c186af5fe
commit 36bd9e6ff1
1 changed files with 0 additions and 3 deletions
--- a/pkg/apis/kops/validation/validation.go
+++ b/pkg/apis/kops/validation/validation.go
@ -290,9 +290,6 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
 		}

 		if len(spec.IAM.ServiceAccountExternalPermissions) > 0 {
-			if spec.ServiceAccountIssuerDiscovery == nil || !spec.ServiceAccountIssuerDiscovery.EnableAWSOIDCProvider {
-				allErrs = append(allErrs, field.Forbidden(fieldPath.Child("iam", "serviceAccountExternalPermissions"), "serviceAccountExternalPermissions requires AWS OIDC Provider to be enabled"))
-			}
 			allErrs = append(allErrs, validateSAExternalPermissions(spec.IAM.ServiceAccountExternalPermissions, fieldPath.Child("iam", "serviceAccountExternalPermissions"))...)
 		}
 	}