Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
b
bland-pharmacist-96854
01/17/2023, 12:25 PMGood morning. How should I add an identity provider to a new EKS cluster using pulumi eks package? I set the
create_oidc_providerb
billowy-army-68599
01/17/2023, 1:13 PMhave you used OIDC before with EKS? Creating the provider is all you need to do, once you’ve got that you just need to create a service account and a related policy. There’s an example here in typescript: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/eks-platform/alb-ingress-controller/index.ts
b
bland-pharmacist-96854
01/17/2023, 1:17 PMDo you mean that it is not necessary to associate the created IDP?
b
billowy-army-68599
01/17/2023, 1:22 PMthis happens when you implement a service account, the UI doesn’t exactly track the API
b
bland-pharmacist-96854
01/17/2023, 1:35 PMah thanks!
https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html#setting-up-OIDC-console so do you mean that by setting that flag to True, this step will be done entirely?
b
billowy-army-68599
01/17/2023, 1:40 PMthat command is what happens when you do
create_oidc_providersts:AssumeRoleWithWebIdentityb
bland-pharmacist-96854
01/17/2023, 1:42 PMok, thanks.
last question, is there any better way to do this:
https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-cluster-access.html
Now I have a yaml manifest that I apply to the new EKs cluster using
kubernetes.yaml.ConfigFilepulumi-ekscreation_role_providerhttps://pulumi-community.slack.com/archives/CRFURDVQB/p1673962852363789?thread_ts=1673958343.040869&cid=CRFURDVQB
But in that AWS document, they are not doing anything related
sts:AssumeRoleWithWebIdentityb
billowy-army-68599
01/17/2023, 1:51 PMfor OIDC you do the following things:
• create an OIDC provider (performed with
create_oidc_providerNow I have a yaml manifest that I apply to the new EKs cluster using kubernetes.yaml.ConfigFile but looking at pulumi-eks looks like maybe I can do that directly withno, these are two distinct and separate steps
b
bland-pharmacist-96854
01/17/2023, 2:40 PMso, related to this, do you know how can I automate the 3rd step of this document using pulumi? https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-cluster-access.html#setting-up-cluster-access-manual
b
billowy-army-68599
01/17/2023, 3:02 PMI don’t have any experience with that, no