add support for China and remove annotation from service account

China doesn't use its local Route53 instance. Instead it uses external credentials to auth against the global Route53. Signed-off-by: Matias Charriere <[email protected]>
giantswarm · Sep 19, 2023 · 2794cee · 2794cee
1 parent afd8ec3
commit 2794cee
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 5 deletions.
diff --git a/service/controller/key/provider.go b/service/controller/key/provider.go
@@ -1,5 +1,11 @@
 package key
 
+import "strings"
+
 func IsAWS(provider string) bool {
 	return provider == "aws"
 }
+
+func IsAWSChina(region string) bool {
+	return strings.HasPrefix(region, "cn-")
+}
diff --git a/service/controller/resource/clusterconfigmap/desired.go b/service/controller/resource/clusterconfigmap/desired.go
@@ -151,14 +151,16 @@ func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) ([]*cor
 		externalDnsValues["aws"] = map[string]interface{}{
 			"batchChangeInterval": nil,
 		}
-		externalDnsValues["serviceAccount"] = map[string]interface{}{
-			"annotations": map[string]interface{}{
-				"eks.amazonaws.com/role-arn": fmt.Sprintf("arn:aws:iam::%s:role/%s-Route53Manager-Role", accountID, key.ClusterID(&cr)),
-			},
-		}
 		externalDnsValues["domainFilters"] = []string{
 			key.TenantEndpoint(&cr, bd),
 		}
+		if !key.IsAWSChina(awsCluster.Spec.Provider.Region) {
+			externalDnsValues["serviceAccount"] = map[string]interface{}{
+				"annotations": map[string]interface{}{
+					"eks.amazonaws.com/role-arn": fmt.Sprintf("arn:aws:iam::%s:role/%s-Route53Manager-Role", accountID, key.ClusterID(&cr)),
+				},
+			}
+		}
 	}
 
 	ciliumValues := map[string]interface{}{