From ffba116766cf12bfa173a416e551951fc3ebcdb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juho=20M=C3=A4kinen?= <juho@squareup.com>
Date: Fri, 18 Oct 2024 10:21:18 +1100
Subject: [PATCH] fix: specify IAM role for the provisioner (#3152)

---
 charts/ftl/templates/provisioner-role.yaml | 9 +++++++++
 charts/ftl/values.yaml                     | 3 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 charts/ftl/templates/provisioner-role.yaml

diff --git a/charts/ftl/templates/provisioner-role.yaml b/charts/ftl/templates/provisioner-role.yaml
new file mode 100644
index 0000000000..42facc9bba
--- /dev/null
+++ b/charts/ftl/templates/provisioner-role.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.provisioner.serviceAccountName }}
+  namespace: {{ .Release.Namespace }}
+  {{- if .Values.provisioner.provisionersRoleArn }}
+  annotations:
+    eks.amazonaws.com/role-arn: {{ .Values.provisioner.provisionersRoleArn }}
+  {{- end }}
diff --git a/charts/ftl/values.yaml b/charts/ftl/values.yaml
index 08fb6bc778..b12723a813 100644
--- a/charts/ftl/values.yaml
+++ b/charts/ftl/values.yaml
@@ -88,6 +88,7 @@ controller:
   tolerations: null
 
 provisioner:
+  provisionersRoleArn: arn:aws:iam::ftl-provisioners-irsa-role
   enabled: false
   replicas: 1
   revisionHistoryLimit: 0
@@ -97,7 +98,7 @@ provisioner:
     pullPolicy: IfNotPresent
 
   envFrom: null
-  serviceAccountName: ftl
+  serviceAccountName: ftl-provisioner
 
   env:
     - name: MY_POD_IP