From 81b89fda6b7b64b44e056110a53746b1ea2acd1b Mon Sep 17 00:00:00 2001
From: Vishwanath Hiremath <100623239+vishwahiremat@users.noreply.github.com>
Date: Tue, 30 Jul 2024 08:19:44 -0700
Subject: [PATCH] Adding rad install changes for AWS IRSA support (#7741)
# Description
Added changes in deployment yaml to enable `global.awsIRSA.enabled` to true it is set using `rad install kubernetes` command
## Type of change
- This pull request fixes a bug in Radius and has an approved issue (issue link required).
- This pull request adds or changes features of Radius and has an approved issue (issue link required).
- This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional).
Fixes: #issue_number
---------
Signed-off-by: Vishwanath Hiremath
Co-authored-by: Karishma Chawla
---
 deploy/Chart/templates/rp/deployment.yaml | 13 +++++++++++++
 deploy/Chart/templates/ucp/deployment.yaml | 13 +++++++++++++
 deploy/Chart/values.yaml | 6 ++++++
 3 files changed, 32 insertions(+)
diff --git a/deploy/Chart/templates/rp/deployment.yaml b/deploy/Chart/templates/rp/deployment.yaml
index c82fba9016..5763657a9c 100644
--- a/deploy/Chart/templates/rp/deployment.yaml
+++ b/deploy/Chart/templates/rp/deployment.yaml
@@ -69,6 +69,10 @@ spec:
 volumeMounts:
 - name: config-volume
 mountPath: /etc/config
+ {{- if eq .Values.global.aws.irsa.enabled true }}
+ - name: aws-iam-token
+ mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
+ {{- end }}
 - name: terraform
 mountPath: {{ .Values.rp.terraform.path }}
 {{- if .Values.global.rootCA.cert }}
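Review bot: The `aws-iam-token` entry added under `volumeMounts` has no `readOnly: true`, although the file it exposes is a credential the container only needs to read. The same entry is added in the `volumeMounts` hunk of deploy/Chart/templates/ucp/deployment.yaml, where the neighbouring `cert` mount does set `readOnly: true`. Kubernetes normally presents projected volumes read-only anyway, so this is about stating the intent explicitly and keeping policy checks that look for writable credential mounts quiet; add `readOnly: true` under the `mountPath:` line in both files. The `volumeMounts` list starts and ends outside the hunk.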
@@ -83,6 +87,15 @@ spec:
 - name: config-volume
 configMap:
 name: applications-rp-config
+ {{- if eq .Values.global.aws.irsa.enabled true }}
+ - name: aws-iam-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ path: token
+ expirationSeconds: 86400
+ audience: "sts.amazonaws.com"
+ {{- end }}
 - name: terraform
 emptyDir: {}
 {{- if .Values.global.rootCA.cert }}
diff --git a/deploy/Chart/templates/ucp/deployment.yaml b/deploy/Chart/templates/ucp/deployment.yaml
index 4c497fd8e6..0112c0d086 100644
--- a/deploy/Chart/templates/ucp/deployment.yaml
+++ b/deploy/Chart/templates/ucp/deployment.yaml
@@ -63,6 +63,10 @@ spec:
 volumeMounts:
 - name: config-volume
 mountPath: /etc/config
+ {{- if eq .Values.global.aws.irsa.enabled true }}
+ - name: aws-iam-token
+ mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
+ {{- end }}
 - name: cert
 mountPath: '/var/tls/cert'
 readOnly: true
@@ -77,6 +81,15 @@ spec:
 # Provide the name of the ConfigMap containing the files you want
 # to add to the container
 name: ucp-config
+ {{- if eq .Values.global.aws.irsa.enabled true }}
+ - name: aws-iam-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ path: token
+ expirationSeconds: 86400
+ audience: "sts.amazonaws.com"
+ {{- end }}
 - name: cert
 secret:
 secretName: ucp-cert
diff --git a/deploy/Chart/values.yaml b/deploy/Chart/values.yaml
index 359aff7f19..eb39f707ad 100644
--- a/deploy/Chart/values.yaml
+++ b/deploy/Chart/values.yaml
@@ -26,6 +26,12 @@ global: azureWorkloadIdentity: enabled: false + # Configure global.aws.irsa.enabled=true to enable AWS IRSA. + # Disabled by default. + aws: + irsa: + enabled: false + controller: image: ghcr.io/radius-project/controller # Default tag uses Chart AppVersion.
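Review bot: In the `aws-iam-token` projected volume, `expirationSeconds: 86400` and `audience: "sts.amazonaws.com"` are fixed in the template, so an operator cannot shorten the token lifetime from values.yaml. The projected token is a bearer credential for whatever role trusts that audience, and the 24-hour validity is the exposure window if the file is read by anything else in the pod; Kubernetes accepts values down to 600 seconds. Consider reading it from values, for example `expirationSeconds: {{ .Values.global.aws.irsa.tokenExpirationSeconds | default 86400 }}` (the key name is only a suggestion), and change the identical block in the `volumes` hunk of deploy/Chart/templates/ucp/deployment.yaml with it. Whether rp and ucp re-read the token file after the kubelet rotates it is not visible in this patch and should be confirmed before lowering the default. The `volumes` list starts and ends outside the hunk.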
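Review bot: The comment added above `aws:` tells the operator how to switch the setting on but not what it changes in the deployed pods. Going by the template hunks in this patch, enabling it mounts a projected service account token with audience `sts.amazonaws.com` into the rp and ucp containers, so a line such as `# When enabled, rp and ucp mount a projected service account token (audience sts.amazonaws.com).` would make the impact reviewable from values.yaml alone. The commit description names the key `global.awsIRSA.enabled`, while the key defined here and read by the templates is `global.aws.irsa.enabled`; the comment is the right place to make the spelling unambiguous.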