Remove namespace creation

MaterializeInc · Oct 31, 2024 · 6a735ba · 6a735ba
1 parent 15c8072
commit 6a735ba
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 33 deletions.
diff --git a/README.md b/README.md
@@ -23,7 +23,6 @@ The module has been tested with:
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.73.0 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
 
 ## Modules
 
@@ -39,7 +38,6 @@ The module has been tested with:
 | Name | Type |
 |------|------|
 | [aws_cloudwatch_log_group.materialize](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [kubernetes_service_account.materialize](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource |
 
 ## Inputs
 
@@ -52,7 +50,6 @@ The module has been tested with:
 | <a name="input_cluster_enabled_log_types"></a> [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | List of desired control plane logging to enable | `list(string)` | <pre>[<br/>  "api",<br/>  "audit",<br/>  "authenticator",<br/>  "controllerManager",<br/>  "scheduler"<br/>]</pre> | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `"materialize-cluster"` | no |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes version for the EKS cluster | `string` | `"1.31"` | no |
-| <a name="input_create_service_account"></a> [create\_service\_account](#input\_create\_service\_account) | Create service account for Materialize | `bool` | `true` | no |
 | <a name="input_database_name"></a> [database\_name](#input\_database\_name) | Name of the database to create | `string` | `"materialize"` | no |
 | <a name="input_database_password"></a> [database\_password](#input\_database\_password) | Password for the database (should be provided via tfvars or environment variable) | `string` | n/a | yes |
 | <a name="input_database_username"></a> [database\_username](#input\_database\_username) | Username for the database | `string` | `"materialize"` | no |
@@ -75,8 +72,6 @@ The module has been tested with:
 | <a name="input_postgres_version"></a> [postgres\_version](#input\_postgres\_version) | Version of PostgreSQL to use | `string` | `"15"` | no |
 | <a name="input_private_subnet_cidrs"></a> [private\_subnet\_cidrs](#input\_private\_subnet\_cidrs) | CIDR blocks for private subnets | `list(string)` | <pre>[<br/>  "10.0.1.0/24",<br/>  "10.0.2.0/24",<br/>  "10.0.3.0/24"<br/>]</pre> | no |
 | <a name="input_public_subnet_cidrs"></a> [public\_subnet\_cidrs](#input\_public\_subnet\_cidrs) | CIDR blocks for public subnets | `list(string)` | <pre>[<br/>  "10.0.101.0/24",<br/>  "10.0.102.0/24",<br/>  "10.0.103.0/24"<br/>]</pre> | no |
-| <a name="input_service_account_name"></a> [service\_account\_name](#input\_service\_account\_name) | Name of the Kubernetes service account | `string` | `"materialize-sa"` | no |
-| <a name="input_service_account_namespace"></a> [service\_account\_namespace](#input\_service\_account\_namespace) | Namespace for the Kubernetes service account | `string` | `"materialize-system"` | no |
 | <a name="input_single_nat_gateway"></a> [single\_nat\_gateway](#input\_single\_nat\_gateway) | Use a single NAT Gateway for all private subnets | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Default tags to apply to all resources | `map(string)` | <pre>{<br/>  "Environment": "dev",<br/>  "Project": "materialize",<br/>  "Terraform": "true"<br/>}</pre> | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | CIDR block for VPC | `string` | `"10.0.0.0/16"` | no |

diff --git a/main.tf b/main.tf
@@ -58,15 +58,6 @@ module "database" {
   database_password     = var.database_password
 }
 
-resource "kubernetes_service_account" "materialize" {
-  count = var.create_service_account ? 1 : 0
-
-  metadata {
-    name      = var.service_account_name
-    namespace = var.service_account_namespace
-  }
-}
-
 resource "aws_cloudwatch_log_group" "materialize" {
   count = var.enable_monitoring ? 1 : 0
 

diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,10 @@
+provider "kubernetes" {
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
+    command     = "aws"
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -208,25 +208,6 @@ variable "bucket_lifecycle_rules" {
   }]
 }
 
-# IAM Variables
-variable "create_service_account" {
-  description = "Create service account for Materialize"
-  type        = bool
-  default     = true
-}
-
-variable "service_account_name" {
-  description = "Name of the Kubernetes service account"
-  type        = string
-  default     = "materialize-sa"
-}
-
-variable "service_account_namespace" {
-  description = "Namespace for the Kubernetes service account"
-  type        = string
-  default     = "materialize-system"
-}
-
 # Monitoring Variables
 variable "enable_monitoring" {
   description = "Enable CloudWatch monitoring"