kpt-backstage-plugins icon indicating copy to clipboard operation
kpt-backstage-plugins copied to clipboard

Published 20 hours ago verified publisher icon GoogleContainerTools

Add support for deploying Config as Data UI to EKS

Open ChristopherFry opened this issue 2 years ago • 2 comments

Add support for deploying the Config as Data UI to Amazon Elastic Kubernetes Service (EKS).

ChristopherFry avatar Oct 06 '22 16:10 ChristopherFry

This is related to GoogleContainerTools/kpt#3480, with the exception that this is a specific request for EKS.

ChristopherFry avatar Oct 06 '22 16:10 ChristopherFry

IAM Users/Roles would be mapped in the aws-auth ConfigMap to a Group. Then those groups can be bound to Roles and ClusterRoles in k8s. Then client would retrieve token from AWS using the KubeConfig exec in the user section like this:

- name: some-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      args:
      - eks
      - get-token
      - --region
      - us-west-2
      - --cluster-name
      - my-cluster
      - --role-arn
      - arn:aws:iam::123456789:role/my-admin
      env:
      - name: AWS_PROFILE
        value: my-account
      interactiveMode: IfAvailable
      provideClusterInfo: false

The docs are here:

  • https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html

kferrone avatar Oct 06 '22 17:10 kferrone