projects / osm / devops.git / blob
? search:


3e61f8182762e3528c2e4c3488bb311bb1850f56
[osm/devops.git] /
1 #######################################################################################
2 # Copyright ETSI Contributors and Others.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #    http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13 # implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #######################################################################################
17
18 ---
19 apiVersion: iam.aws.upbound.io/v1beta1
20 kind: RolePolicyAttachment
21 metadata:
22   name: ${cluster_resource_name}-cluster
23   labels:
24     provider: aws
25     cluster: ${cluster_resource_name}
26 spec:
27   forProvider:
28     policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
29     roleSelector:
30       matchLabels:
31         provider: aws
32         cluster: ${cluster_resource_name}
33         type: cluster
34   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
35   providerConfigRef:
36     name: ${providerconfig_name}
37
38 ---
39 apiVersion: iam.aws.upbound.io/v1beta1
40 kind: RolePolicyAttachment
41 metadata:
42   name: ${cluster_resource_name}-service
43   labels:
44     provider: aws
45     cluster: ${cluster_resource_name}
46 spec:
47   forProvider:
48     policyArn: arn:aws:iam::aws:policy/AmazonEKSServicePolicy
49     roleSelector:
50       matchLabels:
51         provider: aws
52         cluster: ${cluster_resource_name}
53         type: cluster
54   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
55   providerConfigRef:
56     name: ${providerconfig_name}
57
58 ---
59 apiVersion: iam.aws.upbound.io/v1beta1
60 kind: RolePolicyAttachment
61 metadata:
62   name: ${cluster_resource_name}-vpccontroller
63   labels:
64     provider: aws
65     cluster: ${cluster_resource_name}
66 spec:
67   forProvider:
68     policyArn: arn:aws:iam::aws:policy/AmazonEKSVPCResourceController
69     roleSelector:
70       matchLabels:
71         provider: aws
72         cluster: ${cluster_resource_name}
73         type: cluster
74   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
75   providerConfigRef:
76     name: ${providerconfig_name}
77
78 ---
79 apiVersion: iam.aws.upbound.io/v1beta1
80 kind: RolePolicyAttachment
81 metadata:
82   name: ${cluster_resource_name}-worker
83   labels:
84     provider: aws
85     cluster: ${cluster_resource_name}
86 spec:
87   forProvider:
88     policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
89     roleSelector:
90       matchLabels:
91         provider: aws
92         cluster: ${cluster_resource_name}
93         type: ec2
94   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
95   providerConfigRef:
96     name: ${providerconfig_name}
97
98 ---
99 apiVersion: iam.aws.upbound.io/v1beta1
100 kind: RolePolicyAttachment
101 metadata:
102   name: ${cluster_resource_name}-cni
103   labels:
104     provider: aws
105     cluster: ${cluster_resource_name}
106 spec:
107   forProvider:
108     policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
109     roleSelector:
110       matchLabels:
111         provider: aws
112         cluster: ${cluster_resource_name}
113         type: ec2
114   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
115   providerConfigRef:
116     name: ${providerconfig_name}
117
118 ---
119 apiVersion: iam.aws.upbound.io/v1beta1
120 kind: RolePolicyAttachment
121 metadata:
122   name: ${cluster_resource_name}-registry
123   labels:
124     provider: aws
125     cluster: ${cluster_resource_name}
126 spec:
127   forProvider:
128     policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
129     roleSelector:
130       matchLabels:
131         provider: aws
132         cluster: ${cluster_resource_name}
133         type: ec2
134   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
135   providerConfigRef:
136     name: ${providerconfig_name}