Hey guys 🙂
What is the best practice for the identity of an EKS cluster creator?
Should it be the CI role that we use to deploy our infrastructure?
Should it be a dedicated role created only for the purpose of creation of the cluster? And then the CI does everything else in terms of deployment of AWS resources as well as k8s resources.
Perhaps it should not be the CI role that is the creator as it will be part of system:masters. And for reasons I don’t fully understand, we don’t want to just add users to that if they need admin control. Rather they should be made separate. So then perhaps it should be a dedicated role that doesn’t get used for anything else to create the cluster.