Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS SDK version is too old to support pod-level permissions in AWS EKS #7986

Closed
danielmittelman opened this issue Dec 8, 2019 · 1 comment
Closed

AWS SDK version is too old to support pod-level permissions in AWS EKS #7986

danielmittelman opened this issue Dec 8, 2019 · 1 comment

Comments

@danielmittelman
Copy link

Is your feature request related to a problem? Please describe.
AWS has released pod-level permissions a few months ago, allowing Vault to be run in EKS without having to give all the neighboring pods the same permissions to the AWS APIs being used.

This feature is support for SDK versions > 1.23.13 (as described here)

The version currently used in Vault is 1.19, and so this cannot be used.

Describe the solution you'd like
Update the AWS SDK to the latest v1 version, or at least version 1.24

Describe alternatives you've considered
There are two alternatives to this, both are not ideal:

  1. Providing an access key and a secret key, either via the values.yml (bad practice) or via a mounted Secret
  2. Assigning a role to all the worker nodes, giving all the pods in the cluster access to the resources used by Vault for storage and encryption
@jefferai
Copy link
Member

jefferai commented Dec 8, 2019

Duplicate of #7458

@jefferai jefferai marked this as a duplicate of #7458 Dec 8, 2019
@jefferai jefferai closed this as completed Dec 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jefferai @danielmittelman