Document how to use IAM roles instead of the credentials CAPA started with #3130
Labels
kind/documentation
Categorizes issue or PR as related to documentation.
lifecycle/active
Indicates that an issue or PR is actively being worked on by a contributor.
priority/important-soon
Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
/kind documentation
We need documentation for the steps on how to make CAPA use the instance profiles (IAM roles) attached to a ec2 instance.
A possible scenario for CAPA-managed clusters:
clusterctl init --infrastructure aws
on the workload cluster by settingexport AWS_B64ENCODED_CREDENTIALS="Cg=="
(equivalent to empty string)capa-manager-bootstrap-credentials
will be created as using AWS_B64ENCODED_CREDENTIALS which is nil, hence CAPA controllers will fall back to use the attached instance profile.We should also cover how to do the same in EKS-managed clusters.
More details are in slack thread:
The text was updated successfully, but these errors were encountered: