Pass fsGroup in install.yaml

[hasheddan]

Signed-off-by: hasheddan [email protected]

Description of your changes

This re-enables support for IAM Roles for Service Accounts by passing an fsGroup,
meaning that the projected service account token volume will be owned by the GID and the GID will be added as a supplemental group to the container process.

Fixes #211
Depends on crossplane/crossplane#1577

Checklist

I have:

• Run make reviewable to ensure this PR is ready for review.
• Ensured this PR contains a neat, self documenting set of commits.
• Updated any relevant documentation, examples, or release notes.
• Updated the dependencies in app.yaml to include any new role permissions.

[jbw976]

is this fully compatible with the last official release of crossplane (v0.11)? i.e. if someone installs this latest provider-aws but hasn't updated crossplane to a newer master version, will it work OK? (or not crash/break at least)

[hasheddan]

@jbw976 this will not break master of provider-aws with Crossplane v0.11/v0.11.1, but this will be stripped out meaning that the IAM Role for Service Accounts will not work until someone updates their Crossplane to master. So in short, this will not introduce any regressions, but will also not be a fix without updating Crossplane. (One could manually edit this as well I think to get the functionality with older Crossplane versions though).

[jbw976]

Yes that sounds perfect. Totally fine with it not being "fixed" until their crossplane version is also updated. The important part is that they won't experience any crashes or complete breaks by using this new provider-aws update without also updating crossplane.