Add support for Target IAM role in PodIdentityAssociation
Pod identity association has a new option, which makes it possible to configure a target IAM-role:
This is not currently supported by the eks-controller:
https://aws-controllers-k8s.github.io/community/reference/eks/v1alpha1/podidentityassociation/#spec
More details about this new parameter can be found e.g. here:
https://docs.aws.amazon.com/eks/latest/userguide/pod-id-assign-target-role.html
Hello @pasi-romo-idealo 👋 Thank you for opening an issue in ACK! A maintainer will triage this issue soon.
We encourage community contributions, so if you're interested in tackling this yourself or suggesting a solution, please check out our Contribution and Code of Conduct guidelines.
You can find more information about ACK on our website.
Keen to see this added as well and a little more context if it helps:
There are actually 3 changes here: disableSessionTags, targetRoleArn, and externalId.
Announcement with info on the API changes: https://aws.amazon.com/blogs/containers/amazon-eks-pod-identity-streamlines-cross-account-access/
aws-sdk-go-v2 has already been updated: https://github.com/aws/aws-sdk-go-v2/blob/main/service/eks/api_op_CreatePodIdentityAssociation.go https://github.com/aws/aws-sdk-go-v2/blob/main/service/eks/api_op_UpdatePodIdentityAssociation.go
Related Terraform provider change if of any use here: https://github.com/hashicorp/terraform-provider-aws/pull/42979
Also struggled to work out how to use ack-generate to update these. If there are any docs I should look at I'm happy to create a PR.
@pasi-romo-idealo support for Target IAM role should now be available in v1.8.0 of the ACK eks-controller.