This repository has been archived by the owner on May 16, 2023. It is now read-only.

Support the use of AWS EKS IAM roles for service accounts (IRSA)

Closed

Description

Describe the feature:
Support the use of AWS EKS IAM roles for service accounts.

This requires two things to take place:

  1. Filebeat (and potentially other charts) does not appear to use an AWS SDK version that supports assuming an IAM role via an OIDC web identity token file (sts:AssumeRoleWithWebIdentity). This is required in order to use EKS's IAM roles for service accounts feature. AWS SDK version requirements are here.

  2. Charts also need to support service account annotations, as described in issue #627, "Please allow annotations for the ServiceAccount resources in your charts".

Describe a specific use case for the feature:
Provide AWS IAM roles to pods instead of supplying credentials directly in configuration. Adding the following annotation to the service account would allow the use of the corresponding role.

annotations:
  eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT-ID>:role/<ROLE-NAME>
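
Added example, not part of the original issue or the charts' code: a diagnostic that checks whether a pod's environment is set up for the web identity flow described above. It relies on the `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` variables that EKS injects into pods of an annotated service account; the `logging` namespace, `filebeat` service account name and the sample token are assumptions constructed for illustration.

```python
import base64
import json

AUDIENCE = "sts.amazonaws.com"  # audience of tokens projected for IRSA


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_irsa(env, read_token, namespace, service_account):
    """Return a list of problems; an empty list means the pod looks IRSA-ready."""
    problems = []
    if not env.get("AWS_ROLE_ARN"):
        problems.append("AWS_ROLE_ARN unset: role-arn annotation missing or pod not mutated")
    if env.get("AWS_ACCESS_KEY_ID"):
        problems.append("static AWS_ACCESS_KEY_ID set: SDK credential chains typically prefer it")
    path = env.get("AWS_WEB_IDENTITY_TOKEN_FILE")
    if not path:
        return problems + ["AWS_WEB_IDENTITY_TOKEN_FILE unset: no token to exchange"]
    try:
        claims = decode_claims(read_token(path))
    except (OSError, ValueError) as exc:
        return problems + [f"token unreadable: {exc}"]
    # The role's trust policy should be conditioned on exactly this subject.
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    if claims.get("sub") != expected:
        problems.append(f"sub is {claims.get('sub')!r}, expected {expected!r}")
    aud = claims.get("aud") or []
    if AUDIENCE not in ([aud] if isinstance(aud, str) else aud):
        problems.append(f"aud {aud!r} lacks {AUDIENCE!r}")
    return problems


def constructed_token(claims):
    """Build an unsigned sample token (constructed for this example)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    token = constructed_token({"sub": "system:serviceaccount:logging:filebeat", "aud": [AUDIENCE]})
    env = {"AWS_ROLE_ARN": "arn:aws:iam::<ACCOUNT-ID>:role/<ROLE-NAME>",
           "AWS_WEB_IDENTITY_TOKEN_FILE": "/constructed/token"}
    print(check_irsa(env, lambda _path: token, "logging", "filebeat"))  # expect []
```

Inside a real pod, pass `os.environ` and a function that opens the token path; the claims are decoded only to inspect them, since STS is what validates the signature.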