Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for 'access entries' for authentication in EKS clusters #39

Merged
merged 19 commits into from Apr 9, 2024
Merged

Support for 'access entries' for authentication in EKS clusters #39

merged 19 commits into from Apr 9, 2024

Conversation

lumberbaron
Copy link
Collaborator

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR introduces support for 'access entries' that allows for management of the users and roles that can access an EKS cluster's API from the outside the cluster.

This feature was released late last year: https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/

The default (which is 'ConfigMap') has been left to maintain backwards compatibility.

Which issue(s) this PR fixes:

Special notes for your reviewer:

@lumberbaron
Implemented fixed zones, but we probably wont use it.
7f4bb35
@lumberbaron
Add separate cluster subnet variable for eks.
89660cd
@lumberbaron
Add support for access identities for EKS.
d2c2d24
@lumberbaron
Support ipv6 mode for EKS.
bedb0f5
@lumberbaron
Add support for using graviton instances for broker in EKS.
b543abe
@lumberbaron
Remove dualstack as an option, broker isnt ready.
13b594b
@lumberbaron
Rename variable used for api auth for eks.
3487379
@lumberbaron
Include cluster ARN for AWS and ID for Azure so things can be chained.
9837dd3
@lumberbaron
Use the correct value for the old way.
5d32e6d
@lumberbaron
Merge branch 'main' of github.com:lumberbaron/customer-controlled-reg…
816e905 
…ion-reference-architectures into eks-api-auth
@lumberbaron
Take out arm64 support for now.
868f4fe
@lumberbaron
Add backward compatability tests for eks and aks.
5631bbd
@lumberbaron
Remove ami code from broker node group module.
9e53352
@lumberbaron
Add readme section for access entries.
37b8983
@lumberbaron
Remove backwards compat tests for now.
f4e6016
@lumberbaron
Remove pod_spread_policy, for now.
4ce279d
@lumberbaron
Merge branch 'main' into eks-api-auth
8e3bb62
@lumberbaron lumberbaron changed the title Support for 'access entries' for authenication in EKS clusters Support for 'access entries' for authentication in EKS clusters Apr 2, 2024
lumberbaron
lumberbaron commented Apr 8, 2024
View reviewed changes
aks/kubernetes/storage-class.yaml
@@ -1,9 +1,6 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
labels:
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't related to EKS API authentication, it's just some labels that should not be in the StorageClass example.

lumberbaron
lumberbaron commented Apr 8, 2024
View reviewed changes
eks/kubernetes/storage-class-gp3.yaml
@@ -7,6 +7,8 @@ parameters:
csi.storage.k8s.io/fstype: xfs
type: gp3
encrypted: "true"
throughput: "125" # default
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also not related to EKS API auth, just added the default throughput and iops settings for gp3 so it's more clear that's what you get unless you set it.

@lumberbaron lumberbaron merged commit b2a8460 into SolaceLabs:main Apr 9, 2024
3 checks passed
@lumberbaron lumberbaron deleted the eks-api-auth branch April 9, 2024 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Luay-Sol Luay-Sol Luay-Sol approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@lumberbaron @Luay-Sol