amazon-eks-pod-identity-webhook
amazon-eks-pod-identity-webhook copied to clipboard
aws
Amazon EKS Pod Identity Webhook
**What happened**: In my EKS cluster (v1.17), I found pod-identity-webhook but another cluster (v1.15) missing pod-identity-webhook. **What you expected to happen**: pod-identity-webhook should be available for v1.15 and v1.16 EKS....
there's no /metrics endpoint or port given in the documentation for amazon-eks-pod-identity-webhook Since this sits in the path for pod creation for performance metrics are required. Documentation for auto-scaling the...
**What happened**: We deployed a vault-agent-injector into our cluster which injects a vault-agent container into our pods via another mutating webhook. When we deploy an application with the vault-agent annotations...
**What would you like to be added**: If role aliasing (see [IoT IAM](https://docs.aws.amazon.com/iot/latest/developerguide/security_iam_service-with-iam.html) for details on role aliases) comes to be rolled out to broader AWS, I would like to...
*Issue #, if available:* N/A *Description of changes:* Added guide for using different IAM roles in different containers By submitting this pull request, I confirm that you can use, modify,...
**What happened**: We created a pod with a `iam.amazonaws.com/role:` annotation. The environment variables `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` are created. The volume `aws-iam-token` is also added to the pod. But the volumeMount...
**What happened**: I have created a Fargate profile for new namespace. I moved application from one (non-fargated) namespace to a new one (fargated). When application was starting it failed with...
SELF_HOSTED_SETUP Document: Pros and Cons of reusing the k8s service account keys, generated by kubeadm. Security Key Rotation Secret Leak Etc
**What would you like to be added**: Allow pods to use other roles **Why is this needed**: Currently, to use other roles in pods I need to mount the token...
Currently it seems to be required that configuration is done with command line arguments (e.g. `--service-name=pod-identity-webhook`), it would be useful if the daemon also looked at environment variables (e.g. `AMAZON_EKS_POD_IDENTITY_WEBHOOK_SERVICE_NAME=pod-identity-webhook`)...
