aws-eks-iam-auth-controller

added instance metadata templating

Open AndrewChubatiuk opened this issue 3 years ago • 1 comments

Thank you for your project! I'm new to Rust, but decided to make a PR with instance metadata templating for userarn and rolearn (now it makes sense for AWS account ID only IMO).

AndrewChubatiuk avatar Jun 25 '22 08:06 AndrewChubatiuk

@AndrewChubatiuk Thanks for your contribution. Unfortunately, I am not sure whether calling the AWS Instance Metadata Service (IMDS) is a good idea. It's a security best practice to ensure that Pods cannot reach the IMDS by using IMDSv2 and setting the hop limit to 1. In such a setup only Pods with hostNetwork: true can reach IMDS; all other Pods will fail to connect to the IMDS.

If you still insist on adding this feature, I propose you refactor this PR to make this feature optional, with a command line flag to explicitly opt in to that behavior (by default it must be off). In that case you might also want to add a Helm value to set hostNetwork: true.

rustrial avatar Jun 25 '22 15:06 rustrial

I will close this as there seems to be no activity on this PR.

alex-berger avatar Jun 20 '23 08:06 alex-berger