diff --git a/crd/RestateCluster.pkl b/crd/RestateCluster.pkl index b7129c1..f81ef5b 100644 --- a/crd/RestateCluster.pkl +++ b/crd/RestateCluster.pkl @@ -62,6 +62,10 @@ class Compute { /// Security configuration class Security { + /// if set, create a AWS PodIdentityAssociation using the ACK CRD in order to give the Restate pod + /// access to this role + awsPodIdentityAssociationRoleArn: String? + /// Network peers to allow access to restate ports If unset, will not allow any new traffic. Set any of /// these to [] to allow all traffic - not recommended. networkPeers: NetworkPeers? diff --git a/crd/crd.yaml b/crd/crd.yaml index 108cf6d..f11bfac 100644 --- a/crd/crd.yaml +++ b/crd/crd.yaml @@ -158,6 +158,10 @@ spec: description: Security configuration nullable: true properties: + awsPodIdentityAssociationRoleArn: + description: if set, create a AWS PodIdentityAssociation using the ACK CRD in order to give the Restate pod access to this role + nullable: true + type: string networkPeers: description: Network peers to allow access to restate ports If unset, will not allow any new traffic. Set any of these to [] to allow all traffic - not recommended. nullable: true diff --git a/src/controller.rs b/src/controller.rs index cda0b67..04ae909 100644 --- a/src/controller.rs +++ b/src/controller.rs @@ -121,7 +121,7 @@ fn env_schema(g: &mut schemars::gen::SchemaGenerator) -> schemars::schema::Schem #[serde(rename_all = "camelCase")] pub struct RestateClusterSecurity { pub service_account_annotations: Option>, - // if set, create a AWS PodIdentityAssociation using the ACK CRD in order to give the Restate pod access to this role + /// if set, create a AWS PodIdentityAssociation using the ACK CRD in order to give the Restate pod access to this role pub aws_pod_identity_association_role_arn: Option, pub network_peers: Option, }