kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16113 from h3poteto/iss-16027 

Replace * in IAM tags when IRSA namespace has wildcard
This commit is contained in:
Kubernetes Prow Robot 2023-11-20 18:43:09 +01:00 committed by GitHub
parent 528710f775 91d3e89313
commit bcbf6c79a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/model/context.go
View File

@ -200,7 +200,7 @@ func (b *KopsModelContext) CloudTagsForInstanceGroup(ig *kops.InstanceGroup) (ma
func (b *KopsModelContext) CloudTagsForServiceAccount(name string, sa types.NamespacedName) map[string]string {
tags := b.CloudTags(name, false)
tags[awstasks.CloudTagServiceAccountName] = sa.Name
tags[awstasks.CloudTagServiceAccountNamespace] = sa.Namespace
tags[awstasks.CloudTagServiceAccountNamespace] = strings.ReplaceAll(sa.Namespace, "*", "wildcard")
return tags
}

2
tests/integration/update_cluster/irsa/kubernetes.tf
View File

@ -433,7 +433,7 @@ resource "aws_iam_role" "myserviceaccount-test-wildcard-sa-minimal-example-com"
"Name" = "myserviceaccount.test-wildcard.sa.minimal.example.com"
"kubernetes.io/cluster/minimal.example.com" = "owned"
"service-account.kops.k8s.io/name" = "myserviceaccount"
"service-account.kops.k8s.io/namespace" = "test-*"
"service-account.kops.k8s.io/namespace" = "test-wildcard"
}
}