
Commit 7a78f06

authored
Merge pull request #146 from ExpediaGroup/feature/update_svc
fix: update k8s service account creation
2 parents 8538d72 + 2b27fc6 commit 7a78f06


4 files changed

+27
-5
lines changed


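--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [4.5.2] - 2024-06-04
+### Updated
+- Changed Service account creation to make it work with eks 1.24 and later.
+
 ## [4.5.1] - 2024-05-08
 ### Added
 - Adding tags to the Datadog agent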

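--- a/iam-k8s.tf
+++ b/iam-k8s.tf
@@ -18,7 +18,8 @@ resource "aws_iam_role" "waggle_dance_k8s_role_iam" {
 "Action": "sts:AssumeRoleWithWebIdentity",
 "Condition": {
 "StringEquals": {
-"${var.oidc_provider}:sub": "system:serviceaccount:${var.k8s_namespace}:${local.instance_alias}"
+"${var.oidc_provider}:sub": "system:serviceaccount:${var.k8s_namespace}:${local.instance_alias}",
+"${var.oidc_provider}:aud": "sts.amazonaws.com"
 }
 }
 }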
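Review bot: The condition keys on the two added lines are built from `var.oidc_provider`, and k8s.tf treats an empty value of that variable as a supported case; with it empty the keys render as `:sub` and `:aud`, which match no claim in a token, so the statement would never allow the assumption. Whether the role is created at all in that case cannot be told from here, because the resource header and the rest of the policy are outside the hunk. The same silent mismatch would occur if the variable carried an `https://` prefix, since IAM expects the issuer without the scheme. The policy body appears to be JSON and takes no comments, so I would record the expectation above the resource or in the variable's description, e.g. `# oidc_provider: issuer host/path without https://; sub and aud must both match (IRSA token audience is sts.amazonaws.com)`.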

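--- a/k8s.tf
+++ b/k8s.tf
@@ -13,7 +13,7 @@ locals {
 k8s_cpu_limit = length(var.cpu_limit) != 0 ? var.cpu_limit / 1024 : (var.cpu / 1024) * 1.25
 }
 
-resource "kubernetes_service_account" "waggle_dance" {
+resource "kubernetes_service_account_v1" "waggle_dance" {
 count = var.wd_instance_type == "k8s" ? 1 : 0
 metadata {
 name = local.instance_alias
@@ -22,7 +22,23 @@ resource "kubernetes_service_account" "waggle_dance" {
 "eks.amazonaws.com/role-arn" = var.oidc_provider == "" ? "" : aws_iam_role.waggle_dance_k8s_role_iam[0].arn
 }
 }
-automount_service_account_token = true
+}
+
+resource "kubernetes_secret_v1" "waggle_dance" {
+count = var.wd_instance_type == "k8s" ? 1 : 0
+metadata {
+name = local.instance_alias
+namespace = var.k8s_namespace
+annotations = {
+"kubernetes.io/service-account.name" = local.instance_alias
+"kubernetes.io/service-account.namespace" = var.k8s_namespace
+}
+}
+type = "kubernetes.io/service-account-token"
+
+depends_on = [
+kubernetes_service_account_v1.waggle_dance
+]
 }
 
 resource "kubernetes_deployment_v1" "waggle_dance" {
@@ -55,11 +71,12 @@ resource "kubernetes_deployment_v1" "waggle_dance" {
 "prometheus.io/scrape" : var.prometheus_enabled
 "prometheus.io/port" : local.actuator_port
 "prometheus.io/path" : "/actuator/prometheus"
+"iam.amazonaws.com/role" = var.oidc_provider == "" ? aws_iam_role.waggle_dance_k8s_role_iam[0].name : null
 }
 }
 
 spec {
-service_account_name = kubernetes_service_account.waggle_dance[0].metadata.0.name
+service_account_name = kubernetes_service_account_v1.waggle_dance[0].metadata.0.name
 automount_service_account_token = true
 container {
 image = "${var.docker_image}:${var.docker_version}"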
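Review bot: The new `kubernetes_secret_v1` of type `kubernetes.io/service-account-token` makes the control plane issue a token for this service account that does not expire, which is the legacy mechanism Kubernetes 1.24 stopped creating by default. Nothing visible in this file section reads that Secret: the deployment keeps `automount_service_account_token = true`, which already gives the pod a time-bound projected token. If no external consumer needs the Secret, drop the resource; if one does, record it above the resource, e.g. `# Long-lived token consumed by <CONSUMER>; delete this Secret to revoke it`. Separately, the added `"iam.amazonaws.com/role"` annotation indexes `aws_iam_role.waggle_dance_k8s_role_iam[0]` when `var.oidc_provider == ""`, the opposite branch from the `eks.amazonaws.com/role-arn` annotation, so confirm the role exists in that case, since its `count` is not shown here.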

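--- a/version.tf
+++ b/version.tf
@@ -9,7 +9,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
-version = ">= 2.7.0"
+version = ">= 2.13.0"
 configuration_aliases = [aws.remote]
 }
 datadog = {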
