sparse-intern-71089
01/17/2023, 12:25 PMbillowy-army-68599
bland-pharmacist-96854
01/17/2023, 1:17 PMbillowy-army-68599
bland-pharmacist-96854
01/17/2023, 1:35 PMbland-pharmacist-96854
01/17/2023, 1:38 PMbillowy-army-68599
create_oidc_provider
and then create an IAM role with sts:AssumeRoleWithWebIdentity
bland-pharmacist-96854
01/17/2023, 1:42 PMbland-pharmacist-96854
01/17/2023, 1:45 PMkubernetes.yaml.ConfigFile
but looking at pulumi-eks
looks like maybe I can do that directly with
creation_role_provider
?bland-pharmacist-96854
01/17/2023, 1:48 PMsts:AssumeRoleWithWebIdentity
right? did you say that thinking about the future?billowy-army-68599
billowy-army-68599
create_oidc_provider
on the cluster
• create an IAM role which is associated with the oidc provider: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/eks-platform/alb-ingress-controller/index.ts#L19-L39
• annotate a service account to associate the rolebillowy-army-68599
Now I have a yaml manifest that I apply to the new EKs cluster using kubernetes.yaml.ConfigFile but looking at pulumi-eks looks like maybe I can do that directly withno, these are two distinct and separate steps
bland-pharmacist-96854
01/17/2023, 2:40 PMbillowy-army-68599