You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
Amazon EKS recently launched EKS Pod Identity, a new feature that simplifies how IAM credentials can be granted to pods running on EKS clusters. See [1] and [2] to learn more about the feature. Pod Identity feature requires an agent (called EKS Pod Identity Agent) to be running on every worker node to help exchange JWT tokens for temporary IAM credentials. This agent is made available to customers today as an EKS Add-on. This request is to open source the agent source code so that users can bake the agent as part of the worker node AMI or use Helm to install the agent. Please vote and/or provide feedback if you have a use case/need for the agent to be open sourced.
My organization (a large enterprise in the financial services sector) will be able to increase the applicable use cases for EKS substantially, probably doubling our usage of EKS, by switching to Pod Identity Agent from IRSA. To make the switch, we need to be able to deploy any services, including any add-ons like this one, matching our configuration requirements. This change would enable us to use the add-on and expand our covered use cases.
Why The EKS Pod Identity Agent doesn't use the service-account-role-arn for IAM roles for service accounts and you must provide the EKS Pod Identity Agent with permissions in the node role?
Community Note
Tell us about your request
Amazon EKS recently launched EKS Pod Identity, a new feature that simplifies how IAM credentials can be granted to pods running on EKS clusters. See [1] and [2] to learn more about the feature. Pod Identity feature requires an agent (called EKS Pod Identity Agent) to be running on every worker node to help exchange JWT tokens for temporary IAM credentials. This agent is made available to customers today as an EKS Add-on. This request is to open source the agent source code so that users can bake the agent as part of the worker node AMI or use Helm to install the agent. Please vote and/or provide feedback if you have a use case/need for the agent to be open sourced.
[1] What's new post
[2] EKS Docs
Which service(s) is this request for?
EKS
The text was updated successfully, but these errors were encountered: