Adding rad install changes for AWS IRSA support (#7741)

# Description

Added changes in deployment yaml to enable `global.awsIRSA.enabled` to
true it is set using `rad install kubernetes` command

## Type of change

<!--

Please select **one** of the following options that describes your
change and delete the others. Clearly identifying the type of change you
are making will help us review your PR faster, and is used in authoring
release notes.

If you are making a bug fix or functionality change to Radius and do not
have an associated issue link please create one now.

-->

- This pull request fixes a bug in Radius and has an approved issue
(issue link required).
- This pull request adds or changes features of Radius and has an
approved issue (issue link required).
- This pull request is a minor refactor, code cleanup, test improvement,
or other maintenance task and doesn't change the functionality of Radius
(issue link optional).

<!--

Please update the following to link the associated issue. This is
required for some kinds of changes (see above).

-->

Fixes: #issue_number

---------

Signed-off-by: Vishwanath Hiremath <[email protected]>
Co-authored-by: Karishma Chawla <[email protected]>

deploy/Chart/templates/rp/deployment.yaml

@@ -69,6 +69,10 @@ spec:
         volumeMounts:
         - name: config-volume
           mountPath: /etc/config
+        {{- if eq .Values.global.aws.irsa.enabled true }}
+        - name: aws-iam-token
+          mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
+        {{- end }}
         - name: terraform
           mountPath: {{ .Values.rp.terraform.path }}
         {{- if .Values.global.rootCA.cert }}
@@ -83,6 +87,15 @@ spec:
         - name: config-volume
           configMap:
             name: applications-rp-config
+        {{- if eq .Values.global.aws.irsa.enabled true }}
+        - name: aws-iam-token
+          projected:
+            sources:
+            - serviceAccountToken:
+                path: token
+                expirationSeconds: 86400
+                audience: "sts.amazonaws.com"
+        {{- end }}
         - name: terraform
           emptyDir: {}
         {{- if .Values.global.rootCA.cert }}

deploy/Chart/templates/ucp/deployment.yaml

@@ -63,6 +63,10 @@ spec:
         volumeMounts:
         - name: config-volume
           mountPath: /etc/config
+        {{- if eq .Values.global.aws.irsa.enabled true }}
+        - name: aws-iam-token
+          mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
+        {{- end }}
         - name: cert
           mountPath: '/var/tls/cert'
           readOnly: true
@@ -77,6 +81,15 @@ spec:
             # Provide the name of the ConfigMap containing the files you want
             # to add to the container
             name: ucp-config
+        {{- if eq .Values.global.aws.irsa.enabled true }}
+        - name: aws-iam-token
+          projected:
+            sources:
+            - serviceAccountToken:
+                path: token
+                expirationSeconds: 86400
+                audience: "sts.amazonaws.com"
+        {{- end }}
         - name: cert
           secret:
             secretName: ucp-cert

deploy/Chart/values.yaml

@@ -26,6 +26,12 @@ global:
   azureWorkloadIdentity:
     enabled: false
 
+  # Configure global.aws.irsa.enabled=true to enable AWS IRSA.
+  # Disabled by default.
+  aws:
+    irsa:
+      enabled: false
+
 controller:
   image: ghcr.io/radius-project/controller
   # Default tag uses Chart AppVersion.