Delegate irsa to another namespace / namespaces

[clayrisser]

When I create an irsa, it only creates a service account and role that works in the crossplane.io/claim-namespace. However I need another namespace to access the resource. How can I create an irsa in a different namespace that can access the resource (eg a bucket) that was created in the current namespace?

[nabuskey]

Hey @clayrisser

I assume you are talking about this composition? https://github.com/awslabs/crossplane-on-eks/tree/main/compositions/upbound-aws-provider/irsa

You will need to create your own composition to do so since it takes the claim name space annotation value to determine the destination namespace. Unless the resource destination does not change, you will likely want to expose the target namespace in your definition.

Relevant lines are here:

https://github.com/awslabs/crossplane-on-eks/blob/3bd9bb36d0749d6570ebece9018216560d577ae9/compositions/upbound-aws-provider/irsa/irsa.yaml#L72-L128

[clayrisser]

Ended up doing it here if anyone's interested.

https://gitlab.com/bitspur/rock8s/charts/-/tree/main/beta/crossplane-on-eks/templates/delegates?ref_type=heads

[nabuskey]

Thanks for the update. I am closing this issue but if you have more questions directly related to this issue, please feel free to reopen it.