build: adding aws-auth configMap provisioning into chart (#32)

README.md

@@ -166,8 +166,6 @@ REVISION: 1
 TEST SUITE: None
 ```
 
-[work-in-progress]
-
 ### Authentication
 
 For this tool to be able to authenticate with AWS (required when translating PermissionSet name to role ARN) it is recommended to use [AWS IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html), however any authentication methos it supported (you can also add `~/.aws/config` or `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables.

chart/aws-iam-authenticator-sso-wrapper/Chart.yaml

@@ -1,8 +1,8 @@
 name: aws-iam-authenticator-sso-wrapper
 description: aws-iam-authenticator-sso-wrapper Chart
 apiVersion: v2
-appVersion: "v0.0.13"
-version: v0.0.14
+appVersion: v0.0.13
+version: v0.0.15
 home: https://github.com/justinas-b/aws-iam-authenticator-sso-wrapper
 maintainers:
   - name: justinas-b

chart/aws-iam-authenticator-sso-wrapper/templates/configmap.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ .Chart.Name }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Values.deployment.image.tag }}
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    app.kubernetes.io/component: app
+    app.kubernetes.io/managed-by: helm
+  name: {{ .Values.deployment.applicationArguments.srcConfigmap }}
+  namespace: {{ .Release.Namespace }}
+data:
+  {{- with .Values.sourceConfigmap }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+---

chart/aws-iam-authenticator-sso-wrapper/templates/serviceAccount.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
   labels:
     app: {{ .Chart.Name }}
     helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"

chart/aws-iam-authenticator-sso-wrapper/values.yaml

@@ -1,39 +1,48 @@
 ---
 deployment:
   replicas: 1
-
   podLabels:
     environment: "test"
-
   podAnnotations:
     environment: "test"
-
   # imagePullSecrets:
   #   - name: myImagePullSecret
-
   image:
     repository: justinasb/aws-iam-authenticator-sso-wrapper
     tag: v0.0.13
     pullPolicy: IfNotPresent
-
   resources:
     limits:
       cpu: "200m"
       memory: "128Mi"
     requests:
       cpu: "100m"
       memory: "64Mi"
-
   applicationArguments:
     dstNamespace: kube-system
     dstConfigmap: aws-auth
     debug: true
     interval: 1800
     srcConfigmap: aws-auth
-
 serviceaccount:
   labels:
     environment: "test"
   annotations:
     eks.amazonaws.com/role-arn: "arn:aws:iam::123456789012:role/my-iam-role"
+sourceConfigmap:
+  mapAccounts: |
+    []
+  mapUsers: |
+    []
+  mapRoles: |
+    - "groups":
+      - "system:masters"
+      "rolearn": "arn:aws:iam::000000000000:role/AWSReservedSSO_AdminRole_0123456789abcdef"
+      "username": "AdminRole:{{SessionName}}"
+    - "groups":
+      - "system:bootstrappers"
+      - "system:nodes"
+      - "system:masters"
+      "permissionset": "SRE"
+      "username": "SRE:{{SessionName}}"
 ---