feat: expose use_existing_context variable in WI module (#1295)

exposing use_existing_context variable to allow kubectl wrapper to run kubectl using local kube config context

Co-authored-by: Bharath KKB <[email protected]>

Author: jeffreylean

modules/workload-identity/README.md

@@ -109,6 +109,7 @@ already bear the `"iam.gke.io/gcp-service-account"` annotation.
 | namespace | Namespace for the Kubernetes service account | `string` | `"default"` | no |
 | project\_id | GCP project ID | `string` | n/a | yes |
 | roles | A list of roles to be added to the created service account | `list(string)` | `[]` | no |
+| use\_existing\_context | An optional flag to use local kubectl config context. | `bool` | `false` | no |
 | use\_existing\_gcp\_sa | Use an existing Google service account instead of creating one | `bool` | `false` | no |
 | use\_existing\_k8s\_sa | Use an existing kubernetes service account instead of creating one | `bool` | `false` | no |
 

modules/workload-identity/main.tf

@@ -68,6 +68,7 @@ module "annotate-sa" {
   cluster_location            = var.location
   project_id                  = local.k8s_sa_project_id
   impersonate_service_account = var.impersonate_service_account
+  use_existing_context        = var.use_existing_context
 
   kubectl_create_command  = "kubectl annotate --overwrite sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account=${local.gcp_sa_email}"
   kubectl_destroy_command = "kubectl annotate sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account-"

modules/workload-identity/variables.tf

@@ -95,3 +95,9 @@ variable "impersonate_service_account" {
   type        = string
   default     = ""
 }
+
+variable "use_existing_context" {
+  description = "An optional flag to use local kubectl config context."
+  type        = bool
+  default     = false
+}