in standalone/aws_auth_config.py [0:0]
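# Characters accepted in the IAM role/user names spliced into the ConfigMap
# text: ASCII letters and digits plus "+=,.@_-". Whitespace, newlines, ':' and
# '#' are excluded on purpose, because the names are concatenated into YAML.
_IAM_NAME_CHARS = frozenset(
    'abcdefghijklmnopqrstuvwxyz'
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    '0123456789+=,.@_-'
)


def _checked_account_id(account_id):
    """Return account_id unchanged if it is a non-empty string of ASCII digits."""
    if not isinstance(account_id, str):
        raise TypeError('account_id must be a string')
    if not account_id or not all(ch in '0123456789' for ch in account_id):
        raise ValueError('account_id must contain only digits')
    return account_id


def _checked_iam_name(value, label, required=False):
    """Return value if it is safe to splice into the YAML text, '' if it is unset."""
    if value is None or value == '':
        if required:
            raise ValueError(label + ' must not be empty')
        return ''
    if not isinstance(value, str):
        raise TypeError(label + ' must be a string')
    if not all(ch in _IAM_NAME_CHARS for ch in value):
        raise ValueError(label + ' contains characters that are not allowed in an IAM name')
    return value


def construct_configmap_object(account_id, cfg_map_user_name, cfg_map_role_name, cluster_role_name):
    """Build the ``aws-auth`` ConfigMap object for the ``kube-system`` namespace.

    The ConfigMap data holds up to two YAML text entries:

    * ``mapRoles`` always maps the node instance role to the
      ``system:bootstrappers`` and ``system:nodes`` groups and, when
      ``cfg_map_role_name`` is given, maps that role to ``system:masters``.
    * ``mapUsers`` is present only when ``cfg_map_user_name`` is given and
      maps that IAM user to ``system:masters``.

    Every optional mapping grants ``system:masters``, and the YAML is built by
    string concatenation, so all four inputs are validated before use: a value
    carrying a newline or other YAML syntax could otherwise add or alter
    mappings in the resulting ConfigMap.

    Args:
        account_id: AWS account id as a string of digits.
        cfg_map_user_name: IAM user name to map, or ``''``/``None`` for none.
        cfg_map_role_name: IAM role name to map, or ``''``/``None`` for none.
        cluster_role_name: Name of the node instance role (required).

    Returns:
        A ``client.V1ConfigMap`` ready to be submitted to the cluster.

    Raises:
        TypeError: If a supplied value is not a string.
        ValueError: If a value is empty where required or contains characters
            outside the accepted set.
    """
    # Validate first, before any Kubernetes object is created.
    account_id = _checked_account_id(account_id)
    cluster_role_name = _checked_iam_name(cluster_role_name, 'cluster_role_name', required=True)
    cfg_map_role_name = _checked_iam_name(cfg_map_role_name, 'cfg_map_role_name')
    cfg_map_user_name = _checked_iam_name(cfg_map_user_name, 'cfg_map_user_name')

    arn_prefix = 'arn:aws:iam::' + account_id

    # NOTE(review): the whitespace inside the YAML fragments below is kept
    # exactly as found. Confirm that the rendered mapRoles/mapUsers text parses
    # as a list of mappings before applying it to a cluster.

    # Node instance role, e.g. arn:aws:iam::<account_id>:role/EKS-NodeInstanceRole
    node_role_arn = arn_prefix + ':role/' + cluster_role_name
    map_role_txt = '- rolearn: ' + node_role_arn + '\n username: system:node:{{EC2PrivateDNSName}}\n groups:\n - system:bootstrappers\n - system:nodes\n'

    if cfg_map_role_name:
        # Optional admin role, e.g. arn:aws:iam::<account_id>:role/TeamRole
        iam_role_arn = arn_prefix + ':role/' + cfg_map_role_name
        map_role_txt = map_role_txt + '- rolearn: ' + iam_role_arn + '\n username: ' + cfg_map_role_name + '\n groups:\n - system:masters\n'

    cfg_data = {'mapRoles': map_role_txt}

    if cfg_map_user_name:
        # Optional admin user, e.g. arn:aws:iam::<account_id>:user/<user_name>
        user_arn = arn_prefix + ':user/' + cfg_map_user_name
        cfg_data['mapUsers'] = '- userarn: ' + user_arn + '\n username: ' + cfg_map_user_name + '\n groups:\n - system:masters\n'

    # TODO: add IAM group mapping once EKS supports it (see the enhancement
    # request in the container roadmap).
    cfg_metadata = client.V1ObjectMeta(name="aws-auth", namespace="kube-system")
    return client.V1ConfigMap(
        api_version=CFG_MAP_API_VERSION,
        kind="ConfigMap",
        metadata=cfg_metadata,
        data=cfg_data,
    )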