sparse-intern-71089
06/21/2022, 4:47 PM
billowy-army-68599
fresh-notebook-40503
06/21/2022, 4:54 PM
fresh-notebook-40503
06/21/2022, 4:59 PM
aws sts assume-role before running pulumi up, but then the pulumi user will inhabit that role for every command. I want to use a specific IAM role just for the scope of some specific k8s commands.
I can create an aws.Provider to assume a specific role and use that provider for the scope of aws commands (eg. aws.s3.Bucket(... { provider: customProvider })).
However, it doesn't look like I can use a kubernetes.Provider to assume a specific IAM role for the scope of some kubernetes commands
billowy-army-68599
aws eks get-token
You can construct a Kubernetes provider that has that call in it with a profile, but the aws eks get-token command doesn't support assume role at all
fresh-notebook-40503
06/21/2022, 5:01 PM
fresh-notebook-40503
06/21/2022, 5:22 PM
aws eks get-token command in the kubeconfig to add a new --role <role-arn> argument. Seems to have worked fine. Will test some more, but it's looking solid.
glamorous-australia-21342
06/21/2022, 5:46 PM
glamorous-australia-21342
06/21/2022, 5:47 PM
awsAuthConfigmap.data.apply(v => {
    console.log(YAML.parse(v.mapRoles))
    let roleMappings = YAML.parse(v.mapRoles)
    let roleMapping = {
        rolearn: "TEST",
        username: "TEST",
        groups: "TEST",
    }
    roleMappings.push(roleMapping)
    // console.log(roleMappings)
})
billowy-army-68599
glamorous-australia-21342
06/21/2022, 5:50 PM
billowy-army-68599
glamorous-australia-21342
06/21/2022, 6:45 PM
billowy-army-68599