Add support for EKS pod identities #1494

Open
flostadler opened this issue Nov 18, 2024 · 0 comments
Labels
impact/usability Something that impacts users' ability to use the product easily and intuitively kind/enhancement Improvements or new features

Comments

@flostadler
Contributor

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

EKS pod identities simplify assigning IAM permissions to Kubernetes workloads. Previously, users had to create OIDC providers and use IRSA (IAM Roles for Service Accounts) to map an IAM principal to a Kubernetes workload. This requires crafting rather complex assume role permissions (see).

EKS pod identities simplify this and additionally allow using a single role across multiple clusters & regions.

To add support for pod identities, we need to ensure the instance role has permissions for the agent to do the AssumeRoleForPodIdentity action in the EKS Auth API and then deploy the eks-pod-identity-agent addon if the user configures it (e.g. enablePodIdentities).

Affected area/feature

  • EKS Cluster
  • Authentication
@flostadler flostadler added impact/usability Something that impacts users' ability to use the product easily and intuitively kind/enhancement Improvements or new features labels Nov 18, 2024
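
Added example, not part of the original issue and not pulumi-eks code: the two trust policies the issue contrasts, plus a check that a node instance role policy grants `eks-auth:AssumeRoleForPodIdentity` to the agent. The helper names and sample policies in the test are constructed, and the check looks only at `Effect` and `Action` (it ignores `Resource` and `Condition`).

```typescript
// Added example, not pulumi-eks code. Helper names are hypothetical.
type Stmt = {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Principal?: Record<string, string>;
  Resource?: string | string[];
  Condition?: Record<string, Record<string, string>>;
};
type PolicyDoc = { Version: "2012-10-17"; Statement: Stmt[] };

// IRSA: the role trusts one cluster's OIDC provider and one service account,
// so the document has to be rebuilt for every cluster that uses the role.
function irsaTrustPolicy(providerArn: string, issuerHost: string, ns: string, sa: string): PolicyDoc {
  return { Version: "2012-10-17", Statement: [{
    Effect: "Allow",
    Principal: { Federated: providerArn },
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: { StringEquals: {
      [`${issuerHost}:sub`]: `system:serviceaccount:${ns}:${sa}`,
      [`${issuerHost}:aud`]: "sts.amazonaws.com",
    } },
  }] };
}

// Pod identity: the role trusts the EKS service principal and carries no
// cluster-specific value, which is why one role can serve many clusters.
function podIdentityTrustPolicy(): PolicyDoc {
  return { Version: "2012-10-17", Statement: [{
    Effect: "Allow",
    Principal: { Service: "pods.eks.amazonaws.com" },
    Action: ["sts:AssumeRole", "sts:TagSession"],
  }] };
}

// IAM action patterns are case-insensitive and accept the * and ? wildcards.
function actionMatches(pattern: string, action: string): boolean {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${re}$`, "i").test(action);
}

// True when the policy lets the agent call the EKS Auth API; an explicit Deny wins.
function nodeRoleAllowsPodIdentity(doc: PolicyDoc): boolean {
  const target = "eks-auth:AssumeRoleForPodIdentity";
  const hits = (s: Stmt) => ([] as string[]).concat(s.Action).some((a) => actionMatches(a, target));
  const denied = doc.Statement.some((s) => s.Effect === "Deny" && hits(s));
  return !denied && doc.Statement.some((s) => s.Effect === "Allow" && hits(s));
}
```

Running `nodeRoleAllowsPodIdentity` over the instance role's policy documents before installing the `eks-pod-identity-agent` addon surfaces a missing permission early.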