aws-secret-sidecar-injector

ability to create serviceAccount by using helm

Open devopsmash opened this issue 3 years ago • 1 comments

In order to get an easier deployment, it would be awesome if the chart secret-inject/secret-inject also contained the ability to create a serviceAccount with OIDC, like the aws-efs-csi-driver chart has:

https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/f89b14367e2509738dc885ab82370152c2f4cf83/charts/aws-efs-csi-driver/values.yaml#L74-L81

In addition, it would be great to also have some guidelines on how to create a serviceAccount, the IAM policy, and the role trust in the README.md instead of this article. This can improve the quickstart.

devopsmash, Apr 13 '21 17:04

We can update the readme @dsaydon90 with instructions for creating a serviceAccount, IAM policy, etc., but I'm hesitant to include code that automatically creates an IAM role since that is a privileged operation. The solution is designed to force you to create an IAM policy/role and serviceAccount that is scoped to a secret.

jicowan, Apr 14 '21 19:04
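The reply above describes an IAM policy scoped to a single secret. As an added example (not part of the thread or the project's code), this checker flags policy statements that let `secretsmanager:GetSecretValue` reach beyond explicitly named secret ARNs; the function name, account ID, secret names and the strict "no `*`" rule are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

READ_ACTION = "secretsmanager:getsecretvalue"  # IAM action names are case-insensitive

def _as_list(value):
    # IAM accepts either a single value or a list in Statement/Action/Resource.
    return value if isinstance(value, list) else [value]

def unscoped_secret_grants(policy_json):
    """Return (sid, resource) pairs where an Allow statement lets
    GetSecretValue reach beyond explicitly named secret ARNs."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            # Inverted matches grant everything except the listed items.
            findings.append((sid, "NotAction/NotResource"))
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase(READ_ACTION, a) for a in actions):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            # Strict rule (assumption): any "*" or non-secret ARN is too broad.
            if "*" in res or ":secret:" not in res:
                findings.append((sid, res))
    return findings

# Constructed sample policies; the account ID and secret names are placeholders.
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": ARN + "app/db-password-AbCdEf"}})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllSecrets", "Effect": "Allow",
     "Action": "secretsmanager:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
     "Resource": [ARN + "*"]}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, unscoped_secret_grants(doc))
```

Running such a check in review or CI before attaching a policy to the role referenced by the serviceAccount keeps the per-secret scoping a reviewed, manual decision rather than something a chart creates automatically.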