aws-iam-authenticator icon indicating copy to clipboard operation
aws-iam-authenticator copied to clipboard

verified publisher icon kubernetes-sigs

Metadata

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster

Results 88 aws-iam-authenticator issues
Sort by recently updated
recently updated
newest added

Can I run 'aws-iam-authenticator server' on non-ec2 environment?

I want run this server on non-ec2 environment(ex: Azure VM) for users can login with AWS IAM identity. But seems it requires EC2 IMDS apiserver. Is there any option run...

uanid avatar uanid

Upgrade go version, kubernetes api version

- Upgrade go version to go1.19 - Upgrade k8s.io dependencies to v0.25.0 ``` go mod edit -go=1.19 go get k8s.io/api@latest go get k8s.io/apimachinery@latest go get k8s.io/client-go@latest go get k8s.io/code-generator@latest go...

nilesh-akhade avatar nilesh-akhade

Invalid client-go entry in go.mod

k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.0 k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.22.0 k8s.io/sample-controller => k8s.io/sample-controller v0.22.0 k8s.io.client-go => k8s.io/client-go v0.20.0 k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.0 https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/master/go.mod#L54 I think the line should be `k8s.io/client-go => k8s.io/client-go...

nilesh-akhade avatar nilesh-akhade

Bug in specifying expiration

https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/6da4c44ca4aa1c83dbc0820c5413312606dc09f3/pkg/token/token.go#L332 The intention seems to be passing 60 sec but current implementation is effectively passing 60 nanosec. So `requestPresignParam * time.Second` might be correct.

roengram avatar roengram

add support for e2e latency for dynamic mode

8 comment

**What this PR does / why we need it**: This adds logic to support e2e latency for dynamic mode and dynamic backend mode files. **Which issue(s) this PR fixes** *(optional,...

minj131 avatar minj131

cncf-cla: yes
size/L
lgtm
ok-to-test

reduce token expiration if credentials will expire

7 comment

**What this PR does / why we need it**: An issue comes up when using a long-lived `token.Generator` instance where the underlying assume-role session expires, which invalidates the token. This...

iamnoah avatar iamnoah

cncf-cla: yes
needs-ok-to-test
size/XS
lifecycle/rotten

[Feature request]:

4 comment

### What would you like to be added? Use the aws-iam-authenticator CLI to delete a role from the aws-auth configmap. For ex, `aws-iam-authenticator delete role ...` ### Why is this...

jebbens avatar jebbens

kind/feature
lifecycle/rotten
needs-triage

Use update-codegen instead of make generated_files

3 comment

**What this PR does / why we need it**: `make generated_files` is deprecated, use `./hack/update-codegen.sh` instead.

nckturner avatar nckturner

cncf-cla: yes
approved
size/XS
lifecycle/stale

[Bug]: Fix to #606 not available in released version, eksctl quickstart instructions doesn't work with new style SSO config

1 comment

### What happened? I just wanted to bring attention to the fact that the currently released versions of `aws-iam-authenticator` fails to provide authentication to users that have set up authentication...

nresare avatar nresare

kind/bug
lifecycle/stale
needs-triage

feat: add support for EC2 Instance Identity roles

8 comment

**What this PR does / why we need it**: This PR enables aws-iam-authenticator to support EC2 Instance Identity roles - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-identity-roles.html , by parsing their UserID format. This enables use...

gilbahat avatar gilbahat

cncf-cla: yes
needs-ok-to-test
size/XS
lifecycle/rotten

Metadata

2.2k
Stars
417
Forks
Watchers

Owner

verified publisher icon kubernetes-sigs

Metadata

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster

Back