Disallow IRSA config if addon has existing pod identity associations #7813

Merged
merged 1 commit into from
Jun 3, 2024

Contributor

@cPu1 cPu1 commented Jun 3, 2024

Description

Disallows setting IRSA config if addon has existing pod identity associations.

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

@cPu1 cPu1 added the skip-release-notes Causes PR not to show in release notes label Jun 3, 2024
@cPu1 cPu1 force-pushed the addon-podidentity-update branch from 8ede538 to f2b9816 Compare June 3, 2024 23:10
Member

@a-hilaly a-hilaly left a comment

👍

@@ -77,7 +77,7 @@ func (a *Manager) Update(ctx context.Context, addon *api.Addon, podIdentityIAMUp
}

var deleteServiceAccountIAMResources []string
if len(summary.PodIdentityAssociations) > 0 && !addon.UseDefaultPodIdentityAssociations {
if len(summary.PodIdentityAssociations) > 0 && !addon.UseDefaultPodIdentityAssociations && !a.clusterConfig.AddonsConfig.AutoApplyPodIdentityAssociations {
if addon.PodIdentityAssociations == nil {
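
Review bot: the new `!a.clusterConfig.AddonsConfig.AutoApplyPodIdentityAssociations` clause on the changed `if` skips the whole block, including the `addon.PodIdentityAssociations == nil` branch, whenever auto-apply is enabled, and nothing in the hunk says why existing associations need no handling in that mode. A one-line comment above the condition, plus a test for an addon that has existing associations while auto-apply is set, would make the intended behaviour checkable. With three clauses the condition is also getting hard to scan; a named boolean would help.
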
Member

qq/non-blocking: What's the reason behind using an array pointer here? (PodIdentityAssociations *[]PodIdentityAssociation)

Contributor Author

To remove pod identity associations from an addon, a user needs to explicitly set this field to the empty slice. A pointer is used to distinguish between an unspecified field and an empty slice.
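
The unspecified-versus-empty distinction described in the reply above, as an added Go example that is not eksctl's code. The struct shapes, the `Classify` and `RoundTrip` helpers, the intent strings and the sample specs are assumptions made for illustration, and JSON stands in for the config format so the block needs only the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical, simplified types; not eksctl's real API structs.
type PodIdentityAssociation struct {
	ServiceAccountName string `json:"serviceAccountName"`
}
type Addon struct {
	Name                    string                    `json:"name"`
	PodIdentityAssociations *[]PodIdentityAssociation `json:"podIdentityAssociations,omitempty"`
}

// Classify decodes a spec and reports what the user asked for (labels are illustrative).
func Classify(spec string) (string, error) {
	var a Addon
	if err := json.Unmarshal([]byte(spec), &a); err != nil {
		return "", err
	}
	switch {
	case a.PodIdentityAssociations == nil:
		return "keep-existing", nil // field omitted: leave associations untouched
	case len(*a.PodIdentityAssociations) == 0:
		return "remove-all", nil // explicit []: delete every association
	default:
		return "replace", nil // listed entries: apply them
	}
}

// RoundTrip re-encodes a spec. A non-nil pointer to an empty slice is not
// dropped by omitempty, so an explicit [] survives serialization.
func RoundTrip(spec string) (string, error) {
	var a Addon
	if err := json.Unmarshal([]byte(spec), &a); err != nil {
		return "", err
	}
	out, err := json.Marshal(a)
	return string(out), err
}

func main() {
	// Constructed sample specs.
	for _, s := range []string{`{"name":"vpc-cni"}`, `{"name":"vpc-cni","podIdentityAssociations":[]}`} {
		intent, _ := Classify(s)
		out, _ := RoundTrip(s)
		fmt.Println(intent, out)
	}
}
```

With a plain `[]PodIdentityAssociation` field tagged `omitempty`, the explicit empty list would be dropped on re-encoding and the removal request would be lost.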

@cPu1 cPu1 merged commit 8a4de0a into eksctl-io:main Jun 3, 2024
9 checks passed