aws-controllers-k8s
Feature Request: Add procedure for using Pod Identity instead of IRSA to the Getting Started guide
What is the URL of the document?
https://github.com/aws/amazon-s3-controller/blob/main/docs/getting-started.md
Which section(s) is the issue in?
Getting Started
What needs fixing?
The current Getting Started guide uses IAM Roles for Service Accounts (IRSA). However, since EKS Pod Identity is now the recommended approach, the documentation should include instructions for deploying and configuring the S3 controller using Pod Identity.
Additional context
I have confirmed locally that the s3-controller works correctly with Pod Identity. It would be helpful for other users if the documentation included this pattern as an officially supported example.
Hello @kennygt51 👋 Thank you for opening an issue in ACK! A maintainer will triage this issue soon.
We encourage community contributions, so if you're interested in tackling this yourself or suggesting a solution, please check out our Contribution and Code of Conduct guidelines.
You can find more information about ACK on our website.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
? Aren't EKS pod identity and IRSA (IAM Roles for Service Accounts) the same thing?
Oh I think you're talking about "EKS Pod Identity Agent" https://docs.aws.amazon.com/eks/latest/userguide/pod-id-agent-setup.html in contrast to "EKS Pod Identity Webhook" (https://github.com/aws/amazon-eks-pod-identity-webhook)
@kennygt51 great! Also did you try to use PodIdentity with cross-accounts?
Thanks. Unfortunately, I haven’t tried using Pod Identity across accounts yet. I just verified that it works within a single account.
@james-callahan thanks
@kennygt51 thanks (the question with cross accounts is still actual, but I believe that it should work).