matheuscscp left a comment
Thanks @taraspos!
Please test this PR e2e with a real AWS account and post here some evidence 🙏
| For a complete guide on how to set up authentication for cloud providers, | ||
| see the integration [docs](/flux/integrations/). | ||
|
|
||
| #### AWS |
This section needs a bit more color like the Azure one. Doesn't need too much detail, though, as those docs should be mostly pointing at https://fluxcd.io/flux/integrations/ by now
@taraspos I don't see any pointers to the integrations docs
Yes, sorry. Had to switch to something else and didn't finish the doc. Just pushed an updated and simplified version.
@matheuscscp I didn't have a chance to test object level workload identity yet.
I will try to find time to do so tomorrow, and then we can merge this.
Testing steps
@taraspos Thanks for testing! The CI is failing, pls take a look. One is failing due to code generation (you need to run |
2d16001 to 7ec5c01
matheuscscp left a comment
@taraspos Please update the docs to point to the integrations page.
We also need a PR here:
https://github.com/fluxcd/website/blob/main/content/en/flux/integrations/aws.md?plain=1
Will merge this one after we have the PR for website ready and also a similar PR for image-automation-controller
| For a complete guide on how to set up authentication for cloud providers, | ||
| see the integration [docs](/flux/integrations/). | ||
|
|
||
| #### AWS |
@taraspos I don't see any pointers to the integrations docs
6afeb03 to 5f4b135
Signed-off-by: Taras <9948629+taraspos@users.noreply.github.com>
5f4b135 to cbf3816
Confirmed that object-level workload identity works via IRSA. Testing steps are the same as above (#2035 (comment)), with the following differences:
|
|
||
| ##### Configure Flux controller | ||
|
|
||
| 1. Configure authentication using your preferred method - https://fluxcd.io/flux/integrations/aws/#authentication. |
| 1. Configure authentication using your preferred method - https://fluxcd.io/flux/integrations/aws/#authentication. | |
| 1. Configure authentication using your preferred [method](https://fluxcd.io/flux/integrations/aws/#authentication). |
|
|
||
| 1. Configure authentication using your preferred method - https://fluxcd.io/flux/integrations/aws/#authentication. | ||
|
|
||
| Example IAM role policy: |
| Example IAM role policy: | |
| Example IAM role policy (see [docs](https://fluxcd.io/flux/integrations/aws/#for-amazon-codecommit) for more details): |
| provider: aws | ||
| url: https://git-codecommit.<region>.amazonaws.com/v1/repos/<repository-name> |
| provider: aws | |
| url: https://git-codecommit.<region>.amazonaws.com/v1/repos/<repository-name> | |
| provider: aws | |
| serviceAccountName: my-tenant # optional (used for object-level workload identity) | |
| url: https://git-codecommit.<region>.amazonaws.com/v1/repos/<repository-name> |
Summary
Add support of AWS CodeCommit with IAM role auth (fluxcd/pkg#1142).
As part of: