This document explains configmap variables.
Property | Definition | Default | Required/Optional |
---|---|---|---|
iam.policy.action.prefix.whitelist | Allowed IAM policy actions | Optional | |
iam.policy.resource.blacklist | Restricted IAM policy resource | Optional | |
iam.policy.s3.restricted.resource | Restricted S3 resource | Optional | |
aws.accountId | AWS account ID where IAM roles are created | Optional | |
iam.managed.policies | User managed IAM policies | Optional | |
iam.managed.permission.boundary.policy | User managed permission boundary policy | k8s-iam-manager-cluster-permission-boundary | Required |
webhook.enabled | Enable webhook? | false | Required |
iam.role.max.limit.per.namespace | Maximum number of roles per namespace | 1 | Required |
aws.region | AWS Region | us-west-2 | Required |
iam.default.trust.policy | Default trust policy role. This must follow v1alpha1.AssumeRolePolicyDocument syntax | Optional | |
iam.role.derive.from.namespace | Derive iam role name from namespace? if true it will be k8s- | false | Optional |
controller.desired.frequency | Controller frequency to check the state of the world (in seconds) | 300 | Optional |
k8s.cluster.name | Name of the cluster | Optional | |
k8s.cluster.oidc.issuer.url | OIDC issuer of the cluster | Optional | |
iam.irsa.enabled | Enable IRSA option? | false | Optional |