terraform-aws-eks-blueprints

[ADDON] - kube2iam - IRSA Alternative

Open evairmarinho opened this issue 3 years ago • 3 comments

Add support for kube2iam as an add-on.

https://github.com/jtblin/kube2iam

evairmarinho avatar Jul 15 '22 02:07 evairmarinho

I don't think it's wise to add kube2iam to the blueprint because it has only one maintainer and is not updated very often (yearly releases since 2020, Helm chart points to an old version).

ayeks avatar Jul 21 '22 11:07 ayeks

What would be the motivation for using kube2iam over IAM roles for service accounts?

bryantbiggs avatar Jul 21 '22 11:07 bryantbiggs

The idea would not be to replace IRSA, but rather to stay as an alternative. I've been using kube2iam for over a year now, and that's what I have experience with for granting permissions to pods on AWS. I don't think I'm the only one who uses this tool. If at least the installation of the addon was in the project, it would already help. Regarding the pods, it will be necessary to use the annotations in addons such as cluster-autoscaler.

evairmarinho avatar Jul 23 '22 14:07 evairmarinho

Thank you for the issue. At this time we will not be adding this implementation to the project. If you wish to use kube2iam, you can utilize the helm_release resource to add support in your environment.

bryantbiggs avatar Mar 17 '23 17:03 bryantbiggs