We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What feature/behavior/change do you want? It would be handy to have IRSA well known policies for "Amazon EFS CSI dynamic provisioning" describe here: https://aws.amazon.com/blogs/containers/introducing-efs-csi-dynamic-provisioning/
Policy file: https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.2.0/docs/iam-policy-example.json
Currently I need to configure eksctl this way to have it enabled:
iam: serviceAccounts: - metadata: name: efs-csi-controller-sa namespace: kube-system attachPolicy: Version: 2012-10-17 Statement: - Effect: Allow Action: - elasticfilesystem:DescribeAccessPoints - elasticfilesystem:DescribeFileSystems Resource: "*" - Effect: Allow Action: - elasticfilesystem:CreateAccessPoint Resource: "*" Condition: StringLike: aws:RequestTag/efs.csi.aws.com/cluster: true - Effect: Allow Action: elasticfilesystem:DeleteAccessPoint Resource: "*" Condition: StringEquals: aws:ResourceTag/efs.csi.aws.com/cluster: true
I would be nice to have well known policies instead for example:
iam: serviceAccounts: - metadata: name: efs-csi-controller-sa namespace: kube-system wellKnownPolicies: efsCSIController: true
Why do you want this feature?
To make it easier to configure Amazon EFS CSI dynamic provisioning.
The text was updated successfully, but these errors were encountered:
Hey @ruzickap , that sounds reasonable. Would you be willing to work on a PR to add it :D ? If not we will add to our backlog of work 😄
Sorry, something went wrong.
Hello
I'm sorry, but I don't know go enough to code it. I saw very similar PR here: #3518, but I can not do it. Please put it to the backlog...
Thank you
Hi @ruzickap, the well-known policies for the EFS CSI driver will be included in today's release of eksctl 0.53! 😊
Thanks for raising this and please let us know if there is any issue or if we can help with anything else.
nikimanoledaki
Successfully merging a pull request may close this issue.
What feature/behavior/change do you want?
It would be handy to have IRSA well known policies for "Amazon EFS CSI dynamic provisioning" describe here: https://aws.amazon.com/blogs/containers/introducing-efs-csi-dynamic-provisioning/
Policy file: https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.2.0/docs/iam-policy-example.json
Currently I need to configure eksctl this way to have it enabled:
I would be nice to have well known policies instead for example:
Why do you want this feature?
To make it easier to configure Amazon EFS CSI dynamic provisioning.
The text was updated successfully, but these errors were encountered: