aws-iam-authenticator icon indicating copy to clipboard operation
aws-iam-authenticator copied to clipboard

verified publisher icon kubernetes-sigs

Metadata

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster

Results 88 aws-iam-authenticator issues
Sort by recently updated
recently updated
newest added

[Feature request]: list current IAM identities in the aws-auth configmap

1 comment

### What would you like to be added? aws-iam-authenticator seems to allow me to add new IAM rules to an existing configmap, but not check whether that rule was added...

scardena avatar scardena

kind/feature
lifecycle/stale
needs-triage

Keep original aws-auth configuration when the new value cannot be parsed

26 comment

In the current implementation, a value like `rokeMappings` is always reinitialized to an empty slice for any `Added` or `Modified` event: `roleMappings = make([]config.RoleMapping, 0)` And then, even when there's...

suzaku avatar suzaku

cncf-cla: yes
size/L
needs-ok-to-test
lifecycle/stale
needs-rebase

Explicitly reduce user to the same as defined in the container

11 comment

**What this PR does / why we need it**: This reduces the pod user permissions to the same defined in Dockerfile:23 This makes it easier for administrators and security tooling...

RichardoC avatar RichardoC

cncf-cla: yes
needs-ok-to-test
size/XS

Add web identify support

7 comment

**What this PR does**: After https://github.com/aws/aws-sdk-go/pull/2667 sdk supports https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html Let's enable it here **Which issue(s) this PR fixes**: Fixes https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/154

dkropachev avatar dkropachev

size/M
needs-ok-to-test
lifecycle/rotten
needs-rebase
cncf-cla: no

Align go versions and remove unused files

4 comment

**What this PR does / why we need it**: - Align go versions used in `go.mod` - Remove unused empty file and travis CI (no longer used) **Which issue(s) this...

bryantbiggs avatar bryantbiggs

cncf-cla: yes
size/S
ok-to-test

Optionally return full role arn including path during token verification

12 comment

**What this PR does / why we need it**: When creating EKS nodegroups where the node's IAM role contains a path, the nodes fail to join the cluster. This adds...

terricain avatar terricain

cncf-cla: yes
size/L
needs-ok-to-test

[Feature request]: Support reloading TLS certificates

3 comment

### What would you like to be added? The TLS certificates for the server are loaded only once on startup, see [here](https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/36174a044833488b5fe1dc51ee6b73b8a181956c/pkg/server/server.go#L120C2-L120C2). This means if the certificate is rotated (e.g....

kwohlfahrt avatar kwohlfahrt

kind/feature
lifecycle/stale
needs-triage

IAM Group Auth with EKS - Kubernetes RBAC

2 comment

Hi we want to implement scenario for IAM - EKS that fullfill our requirement that are mentioned below, 1. create a Group in IAM called it **"custom-ns-stag"** and that group...

shusaan avatar shusaan

lifecycle/rotten

Bump go to 1.21.4

3 comment

**What this PR does / why we need it**: Go version bump, fixes govulncheck test failure

micahhausler avatar micahhausler

cncf-cla: yes
approved
size/XXL
needs-rebase

[Public security vulnerability]: update dependency versions please

2 comment

### What would you like to be added? Could you please update the [golang.org/x/net](https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/9e94eaf8aae27289bea31a528c384284ea72f779/go.mod#L67) version to 0.23.0, and then release a new version of aws-iam-authenticator after that? Due to security...

squeakymouse avatar squeakymouse

kind/feature
lifecycle/stale
needs-triage

Metadata

2.2k
Stars
417
Forks
Watchers

Owner

verified publisher icon kubernetes-sigs

Metadata

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster

Back