Todd Miller

Awesome, thanks for listening and responding / indulging me! I'll be back if I can address the above, but for now...

Awesome! That definitely sounds useful for us since ultimately we want to expose storage to a large set (~500?) of users and will need to bound the storage they can...

Great, thanks for your insight! (That's already quite a bit of unwinding about where the real problem is, very helpful.)

We're wondering about maybe adding this to hubploy? (Maybe as an option which defaults to on?) How "expert" is the scenario where automatic kubeconfig is bad?

OK, sounds totally reasonable to me. We're in the process of documenting the end-to-end process internally so this is easy to add to those docs explicitly. If we ever do...

STScI is still very interested in this topic, but before we run off and start coding, I wanted to double check the status of the `unmanaged_nodegroups` branch. Is there a...

I forgot to mention the IAM impact on EKS, which includes the need to supply a cluster role and work instance profile / worker role if they're not created automatically...

On other idea I had for dealing with IAM perms would be to share Terraform .tfstate with our IT department using remote state. Our IT would initially create the entire...

Thanks @yuvipanda for drawing attention to the loop. I also noticed an issue with IRSA/OIDC in addition to autoscaling. Definitely agree the loop is a mess and probably fatal for...

Limiting scope of IAM permissions more is not something we've considered yet; so far our approach for setting minimum perms has just been to factor out IAM write operations entirely...