author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-11-14 21:22:19 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-14 21:22:19 -0800 |
commit | ec564267f4a25036c92a71be481cfd9e4c03537a (patch) | |
tree | 0e46cd945ae5ddf1c0fe5ef3411fae10da18c314 /roles/openshift_aws/defaults | |
parent | c5afbd8a7643f323f02c3bb1c04cf7f40444995c (diff) | |
parent | 2a5352ee4fc3962dabd580f7807adb489e8da965 (diff) | |
Merge pull request #6095 from kwoodson/add_instance_profile_support
Automatic merge from submit-queue.
Instance profile support.
The purpose of this PR is to remove the AWS cloud-provider credentials from the node and use instance profiles at provisioning time instead.
Diffstat (limited to 'roles/openshift_aws/defaults')
-rw-r--r-- | roles/openshift_aws/defaults/main.yml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml
index 51f7d31c2..c9a429675 100644
--- a/roles/openshift_aws/defaults/main.yml
+++ b/roles/openshift_aws/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 openshift_aws_create_s3: True
 openshift_aws_create_iam_cert: True
+openshift_aws_create_iam_role: False
 openshift_aws_create_security_groups: True
 openshift_aws_create_launch_config: True
 openshift_aws_create_scale_group: True
@@ -17,6 +18,10 @@ openshift_aws_iam_cert_path: ''
 openshift_aws_iam_cert_key_path: ''
 openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift"
+openshift_aws_iam_role_name: openshift_node_describe_instances
+openshift_aws_iam_role_policy_json: "{{ lookup('file', 'describeinstances.json') }}"
+openshift_aws_iam_role_policy_name: "describe_instances"
+
 openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms"
 openshift_aws_ami: ''
 openshift_aws_ami_copy_wait: False
@@ -135,6 +140,9 @@ openshift_aws_master_group_config:
 wait_for_instances: True
 termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
 replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
+ iam_role: "{{ openshift_aws_iam_role_name }}"
+ policy_name: "{{ openshift_aws_iam_role_policy_name }}"
+ policy_json: "{{ openshift_aws_iam_role_policy_json }}"
 elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}"
 openshift_aws_node_group_config:
@@ -155,6 +163,9 @@ openshift_aws_node_group_config:
 type: compute
 termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
 replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
+ iam_role: "{{ openshift_aws_iam_role_name }}"
+ policy_name: "{{ openshift_aws_iam_role_policy_name }}"
+ policy_json: "{{ openshift_aws_iam_role_policy_json }}"
 # The 'infra' key is always required here.
 infra:
 instance_type: m4.xlarge
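Review bot: The default `openshift_aws_iam_role_name: openshift_node_describe_instances` in the second hunk (`@@ -17,6 +18,10 @@`) is a fixed string, while the neighbouring defaults `openshift_aws_scale_group_basename` and `openshift_aws_iam_kms_alias` are derived from `openshift_aws_clusterid`. IAM role names are unique per AWS account, so two clusters provisioned in one account would end up sharing this role and its policy, and changing or deleting it for one cluster would affect the other. Consider `openshift_aws_iam_role_name: "{{ openshift_aws_clusterid }}_node_describe_instances"`, or a comment stating that the sharing is intended. The policy body is loaded from `describeinstances.json`, which this page's diffstat (limited to `roles/openshift_aws/defaults`) does not show, so its action and resource scope should be checked separately.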
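Review bot: The three `iam_role` / `policy_name` / `policy_json` additions (the master group in `@@ -135,6 +140,9 @@`, and the compute and infra groups in the two hunks that follow) all point at the same `openshift_aws_iam_role_name`, so masters and nodes receive one identical instance profile. If masters ever need broader AWS permissions than nodes, widening this shared policy would grant them to every node as well; a per-group override variable would keep the node role minimal. The keys are also set unconditionally while `openshift_aws_create_iam_role` defaults to `False` in the first hunk, so the role presumably has to exist already when the launch configs are built; that handling is outside this file, and a comment such as `# iam_role must already exist unless openshift_aws_create_iam_role is true` above the new default would make the requirement explicit.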
@@ -172,6 +183,9 @@ openshift_aws_node_group_config:
 type: infra
 termination_policy: "{{ openshift_aws_node_group_termination_policy }}"
 replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}"
+ iam_role: "{{ openshift_aws_iam_role_name }}"
+ policy_name: "{{ openshift_aws_iam_role_policy_name }}"
+ policy_json: "{{ openshift_aws_iam_role_policy_json }}"
 elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}"
 openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}" |