From 2b88e506e304f5dddf3707f9ef44fcf5ac6c6a82 Mon Sep 17 00:00:00 2001
From: russwhelan <30686539+russwhelan@users.noreply.github.com>
Date: Mon, 16 Sep 2019 10:45:35 +0100
Subject: [PATCH] Add URL for OIDC issuer to allow IAM roles for Pods (#506)
* Add URL for OIDC issuer to allow IAM roles for Pods
* Update Documentation
---
 CHANGELOG.md | 1 +
 README.md | 1 +
 outputs.tf | 5 +++++
 3 files changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6df1af4de9..99d795a610 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - Added support for initial lifecycle hooks for autosacling groups (@barryib)
 - Added option to recreate ASG when LT or LC changes (by @barryib)
 - Ability to specify workers role name (by @ivanich)
+ - Added output for OIDC Issuer URL (by @russwhelan)
 - Added support for Mixed Instance ASG using `worker_groups_launch_template` variable (by @sppwf)
 - Changed ASG Tags generation using terraform 12 `for` utility (by @sppwf)
 - Removed `worker_groups_launch_template_mixed` variable (by @sppwf)
diff --git a/README.md b/README.md
index 36374510e0..27aa66aeeb 100644
--- a/README.md
+++ b/README.md
@@ -168,6 +168,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster\_id | The name/id of the EKS cluster. |
 | cluster\_security\_group\_id | Security group ID attached to the EKS cluster. |
 | cluster\_version | The Kubernetes server version for the EKS cluster. |
+| cluster\_oidc\_issuer\_url | The URL on the EKS cluster OIDC Issuer. |
 | config\_map\_aws\_auth | A kubernetes configuration to authenticate to this EKS cluster. |
 | kubeconfig | kubectl config file contents for this EKS cluster. |
 | kubeconfig\_filename | The filename of the generated kubectl config. |
diff --git a/outputs.tf b/outputs.tf
index 8f48268f07..24a3949b95 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -43,6 +43,11 @@ output "cluster_iam_role_arn" {
 value = local.cluster_iam_role_arn
 }
 
+output "cluster_oidc_issuer_url" {
+ description = "The URL on the EKS cluster OIDC Issuer"
+ value = aws_eks_cluster.this.identity.0.oidc.0.issuer
+}
+
 output "cloudwatch_log_group_name" {
 description = "Name of cloudwatch log group created"
 value = aws_cloudwatch_log_group.this.*.name
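Review bot: The new `cluster_oidc_issuer_url` output indexes `identity.0.oidc.0` with no guard, so it will presumably fail during plan for any cluster whose `identity` list is empty (for example a platform version without OIDC support). A tolerant form would be `value = length(aws_eks_cluster.this.identity) > 0 ? aws_eks_cluster.this.identity[0].oidc[0].issuer : ""`. The attribute also needs an AWS provider release that exposes `identity`, and nothing in this patch raises the module's minimum provider version; that is worth checking. The description would read better as `"The URL of the EKS cluster OIDC issuer, used to register an IAM OIDC identity provider"`. The README row could add that role trust policies built on this issuer should pin the `sub` (and `aud`) claim to a specific service account, because every pod in the cluster shares the same issuer.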