add existing ksa to example

bharathkkb · bharathkkb · commit f786995f7497 · 2020-06-11T19:41:14.000-05:00
diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf
@@ -53,6 +53,7 @@ module "gke" {
   ]
 }
 
+# example without existing KSA
 module "workload_identity" {
   source              = "../../modules/workload-identity"
   project_id          = var.project_id
@@ -61,5 +62,27 @@ module "workload_identity" {
   use_existing_k8s_sa = false
 }
 
+
+# example with existing KSA
+resource "kubernetes_service_account" "test" {
+  metadata {
+    name = "foo-ksa"
+  }
+    secret {
+      name = "bar"
+    }
+  }
+
+module "workload_identity_existing_ksa" {
+  source              = "../../modules/workload-identity"
+  project_id          = var.project_id
+  name                = "existing-${module.gke.name}"
+  cluster_name        = module.gke.name
+  location            = module.gke.location
+  namespace           = "default"
+  use_existing_k8s_sa = true
+  k8s_sa_name         = kubernetes_service_account.test.metadata.0.name
+}
+
 data "google_client_config" "default" {
 }
diff --git a/modules/workload-identity/main.tf b/modules/workload-identity/main.tf
@@ -69,7 +69,7 @@ module "annotate-sa" {
   create_cmd_body       = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl annotate --overwrite sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account=${local.gcp_sa_email}"
 
   destroy_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh"
-  destroy_cmd_body       = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate}  kubectl annotate --overwrite sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account-"
+  destroy_cmd_body       = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl annotate sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account-"
 }
 
 resource "google_service_account_iam_member" "main" {

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ module "annotate-sa" {`
`69`	`69`	`create_cmd_body = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl annotate --overwrite sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account=${local.gcp_sa_email}"`
`70`	`70`
`71`	`71`	`destroy_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh"`
`72`		`- destroy_cmd_body = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl annotate --overwrite sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account-"`
	`72`	`+ destroy_cmd_body = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl annotate sa -n ${local.output_k8s_namespace} ${local.k8s_given_name} iam.gke.io/gcp-service-account-"`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`resource "google_service_account_iam_member" "main" {`