Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Karpenter] Pod Identity Supports #1026

Merged
merged 2 commits into from
Jun 27, 2024
Merged

[Karpenter] Pod Identity Supports #1026

merged 2 commits into from
Jun 27, 2024

Conversation

vumdao
Copy link
Contributor

@vumdao vumdao commented Jun 23, 2024

Issue:
Pod Identity Supports Notice
Karpenter now supports using Pod Identity to authenticate AWS SDK to make API requests to AWS services using AWS Identity and Access Management (IAM) permissions.

Description of changes:

  • Introduce option to enable Pod Identity, this replaces IRSA method to manage credentials for Karpenter controller.
  • Resources created for using Pod Identity
    • IAM role with service principle pods.eks.amazonaws.com and allow actions sts:AssumeRole and sts:TagSession
    • Pod Identity associations
    • Service account created by Helm chart without eks.amazonaws.com/role-arn annotation

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@vumdao
Copy link
Contributor Author

vumdao commented Jun 23, 2024

@shapirov103 Do you know what's wrong with the markdown-link-check ?

@shapirov103
Copy link
Collaborator

shapirov103 commented Jun 26, 2024
edited
Loading

@vumdao the md check failure is not related, it is fixed now in origin/task/1.15.0-release-prep.

shapirov103
shapirov103 reviewed Jun 27, 2024
View reviewed changes
Copy link
Collaborator

@shapirov103 shapirov103 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, will kick off e2e.

@shapirov103
Copy link
Collaborator

/do-e2e-tests

aws-ia-ci
aws-ia-ci approved these changes Jun 27, 2024
View reviewed changes
Copy link

@aws-ia-ci aws-ia-ci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

end to end tests passed

shapirov103
shapirov103 approved these changes Jun 27, 2024
View reviewed changes
Copy link
Collaborator

@shapirov103 shapirov103 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shapirov103 shapirov103 merged commit 949bbbd into aws-quickstart:main Jun 27, 2024
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shapirov103 shapirov103 shapirov103 approved these changes

@aws-ia-ci aws-ia-ci aws-ia-ci approved these changes

@parkand1 parkand1 Awaiting requested review from parkand1

@youngjeong46 youngjeong46 Awaiting requested review from youngjeong46 youngjeong46 is a code owner

@elamaran11 elamaran11 Awaiting requested review from elamaran11 elamaran11 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vumdao @shapirov103 @aws-ia-ci