giantswarm/capa-iam-operator

capa-iam-operator

capa-iam-operator creates unique IAM roles for each CAPA cluster. It watches AWSMachineTemplate CRs and reads AWSMachineTemplate.spec.template.spec.iamInstanceProfile for the control plane, and it watches AWSMachinePool CRs and reads AWSMachinePool.spec.awsLaunchTemplate.iamInstanceProfile.

If the IAM role named in the CR is found in the AWS API, the operator skips creation; if it is missing, the operator creates a new one from a template.

IAM roles for Control Plane

In addition to the IAM role for control plane nodes, capa-iam-operator will also create an IAM role for the kiam app and a Route53 role for the external-dns app.

You can disable creation of the KIAM and Route53 roles via the arguments --enable-kiam-role=false and --enable-route53-role=false. The Route53 role is only created if the KIAM role is enabled, as it depends on it.

IAM roles for Worker nodes

For each AWSMachinePool CR, a separate IAM role will be created.
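
The rules above (skip roles that already exist, Route53 only when KIAM is enabled, one role per AWSMachinePool) can be modelled as a small planning function for auditing which roles a cluster should end up with. This is an added example, not code from the capa-iam-operator repository; the type and function names, the "-kiam" and "-route53" name suffixes, and the sample values are assumptions, and the AWS API lookup is replaced by an in-memory set.

```go
package main

import "fmt"

// Flags mirrors the two operator arguments named in the README.
type Flags struct {
	EnableKIAMRole    bool // --enable-kiam-role
	EnableRoute53Role bool // --enable-route53-role
}

// Cluster holds the instance profile names read from the CRs (hypothetical type).
type Cluster struct {
	ControlPlaneProfile string   // AWSMachineTemplate.spec.template.spec.iamInstanceProfile
	MachinePoolProfiles []string // AWSMachinePool.spec.awsLaunchTemplate.iamInstanceProfile, one per CR
}

// RolesToCreate lists the roles that would be created for a cluster.
// Names present in existing (a stand-in for the AWS API lookup) are skipped.
func RolesToCreate(c Cluster, f Flags, existing map[string]bool) []string {
	wanted := []string{c.ControlPlaneProfile}
	if f.EnableKIAMRole {
		wanted = append(wanted, c.ControlPlaneProfile+"-kiam") // assumed naming
		// The Route53 role depends on the KIAM role, so its own flag is not enough.
		if f.EnableRoute53Role {
			wanted = append(wanted, c.ControlPlaneProfile+"-route53") // assumed naming
		}
	}
	wanted = append(wanted, c.MachinePoolProfiles...)

	var create []string
	for _, name := range wanted {
		if name != "" && !existing[name] {
			create = append(create, name)
		}
	}
	return create
}

func main() {
	// Constructed sample input.
	c := Cluster{
		ControlPlaneProfile: "control-plane-demo",
		MachinePoolProfiles: []string{"nodes-pool-a", "nodes-pool-b"},
	}
	existing := map[string]bool{"nodes-pool-a": true}
	fmt.Println(RolesToCreate(c, Flags{EnableKIAMRole: true, EnableRoute53Role: true}, existing))
	fmt.Println(RolesToCreate(c, Flags{EnableKIAMRole: false, EnableRoute53Role: true}, existing))
}
```

Comparing this list with the roles actually present in the account shows which names were skipped because they already existed rather than created from the template.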