Mike Stefaniak

Results 109 comments of Mike Stefaniak

@dany74q "it would be awesome to have the ability to control permissions in AWS-alone - along w/ predefined roles one could grant (a-la Kubernetes Viewer / Editor / Owner)" This...

It's a totally separate EKS API - not related to the IAMIdentityMappings CRD

By design EKS does not issue certificates for CSRs with signerName "kubernetes.io/kubelet-serving" unless the CSR was actually requested by a kubelet. EKS's custom signer validates this by checking that the...

This is now covered in our documentation https://docs.aws.amazon.com/eks/latest/userguide/cert-signing.html. I will leave this issue open for a little while to make sure what we included in v1.22 launch meets the needs...

Can you clarify what you mean by which signers? From the doc, this is the signer name we support: `signerName: beta.eks.amazonaws.com/app-serving`

The ASG backing a managed node group is meant to be more of an implementation detail. I realize there is no charge for enabling this, so it is something we...

Moved to in progress. We are going to enable this flag for newly created managed node groups. Follow this issue for further updates.

As an update here, we have updated our docs with a simpler option to disable IMDS for pods by using IMDSv2 and the hop limit https://docs.aws.amazon.com/eks/latest/userguide/best-practices-security.html We do plan to...

EKS/Fargate is now available in China regions https://aws.amazon.com/about-aws/whats-new/2022/06/aws-fargate-elastic-kubernetes-beijing-ningxia-regions/ GovCloud is next up to build.