Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
p
prehistoric-kite-30979
02/05/2021, 7:21 PMIf I enable the OIDC provider detailed here- https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/eks/#ClusterOptions-createOidcProvider
How do I then create a new iam role for a given service account?
I have a working example in go but it requires I have access to the arn and URL of the oidcprovider.
The pulumi link in those docs appears to be broken.
b
billowy-army-68599
02/05/2021, 7:24 PMwhich language?
p
prehistoric-kite-30979
02/05/2021, 7:25 PMtrying to do it in ts using the eks extension
b
billowy-army-68599
02/05/2021, 7:28 PMthe eks package exports a couple of properties
export const oidcProviderArn = cluster.core.oidcProvider.arn
export const oidcProviderUrl = cluster.core.oidcProvider.urlhere's a helper function you can pass that to
https://gist.github.com/jaxxstorm/59d378cccca36faf49f6ac2dda86f603
p
prehistoric-kite-30979
02/05/2021, 7:28 PMthanks I'll give that a go in a bit
b
billowy-army-68599
02/05/2021, 7:29 PMand you'd use like this
const role = rbac.CreateServiceAccountIAMRole("foo",
namespaceName,
oidcProviderArn,
oidcProviderUrl,
);the key point is that IAM roles take a standard string, and the oidc exports are outputs, so you need to build the role inside an
apply