bland-pharmacist-96854
01/17/2023, 12:25 PMcreate_oidc_provider
to true. This creates the idp provider in the iam but it does not associate it with the clusterbillowy-army-68599
01/17/2023, 1:13 PMbland-pharmacist-96854
01/17/2023, 1:17 PMbillowy-army-68599
01/17/2023, 1:22 PMbland-pharmacist-96854
01/17/2023, 1:35 PMbillowy-army-68599
01/17/2023, 1:40 PMcreate_oidc_provider
and then create an IAM role with sts:AssumeRoleWithWebIdentity
bland-pharmacist-96854
01/17/2023, 1:42 PMkubernetes.yaml.ConfigFile
but looking at pulumi-eks
looks like maybe I can do that directly with
creation_role_provider
?sts:AssumeRoleWithWebIdentity
right? did you say that thinking about the future?billowy-army-68599
01/17/2023, 1:51 PMcreate_oidc_provider
on the cluster
• create an IAM role which is associated with the oidc provider: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/eks-platform/alb-ingress-controller/index.ts#L19-L39
• annotate a service account to associate the roleNow I have a yaml manifest that I apply to the new EKs cluster using kubernetes.yaml.ConfigFile but looking at pulumi-eks looks like maybe I can do that directly withno, these are two distinct and separate steps
bland-pharmacist-96854
01/17/2023, 2:40 PMbillowy-army-68599
01/17/2023, 3:02 PM