Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v13] Support specifying assume_role_arn for Kube cluster matchers #28832

Merged
merged 1 commit into from Jul 10, 2023
Merged

[v13] Support specifying assume_role_arn for Kube cluster matchers #28832

merged 1 commit into from Jul 10, 2023

Conversation

tigrato
Copy link
Contributor

@tigrato tigrato commented Jul 7, 2023

Backport of #28282 to branch/v13

@tigrato
Support specifying assume_role_arn for Kube cluster matchers (#28282)
774bc1b 
* Support specifiying `assume_role_arn` for Kube cluster matchers

This PR allows users to assume different AWS roles when interacting with
AWS EKS API. It allows users to proxy EKS clusters in different AWS
accounts using the same Teleport Kubernetes Service.

Example configuration:

```yaml

kubernetes_service:
  enabled: true
  resources:
  - labels:
      'a': 'b'
    aws:
      assume_role_arn: "arn:aws:iam::0987654321:role/KubeAccess"
      external_id: "0987654321"
  - labels:
      'c': 'd'
    aws:
      assume_role_arn: "arn:aws:iam::123456789012:role/KubeAccess"
      external_id: "123456789012"

```

* reuse eks token validation
@tigrato tigrato changed the title [v13] Support specifying assume_role_arn for Kube cluster matchers (#28282) [v13] Support specifying assume_role_arn for Kube cluster matchers Jul 8, 2023
@tigrato tigrato added this pull request to the merge queue Jul 10, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jul 10, 2023
@tigrato tigrato added this pull request to the merge queue Jul 10, 2023
Merged via the queue into branch/v13 with commit 28b3648 Jul 10, 2023
22 checks passed
@tigrato tigrato deleted the bot/backport-28282-branch-13 branch July 10, 2023 09:14
@r0mant r0mant mentioned this pull request Jul 14, 2023
Closed
@fheinecke fheinecke mentioned this pull request Sep 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@strideynet strideynet strideynet approved these changes

@GavinFrazar GavinFrazar GavinFrazar approved these changes

Assignees
No one assigned
Labels
backport kubernetes-access size/lg
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tigrato @strideynet @GavinFrazar