Cloud IAM Permission injection from the config #12
Comments
This issue has been automatically marked as stale because there was no recent activity in 60 days. Remove the stale label or add a comment, otherwise, this issue will automatically be closed in 7 days if no further activity occurs.
IIUC, I think this would be useful.
No, it hasn't been fixed yet, since we just had to deal with this again on a new deployment. Here is the documentation on what needs to be done following deployment to give IAM users access to the cluster: https://aws.amazon.com/premiumsupport/knowledge-center/eks-kubernetes-object-access-error/

As @aktech suggested, I think a section for adding IAM users in the config file would be great.

```yaml
amazon_web_services:
  ...
  iam_users:
    - arn:aws:iam::XXXXXXXXXXXX:user/testuser1
    - arn:aws:iam::XXXXXXXXXXXX:user/testuser2
```

I guess another alternative could be to add a field to the users section:

```yaml
security:
  ...
  users:
    example-user:
      primary_group: admin
      secondary_groups:
        - users
      uid: 1000
      arn: arn:aws:iam::XXXXXXXXXXXX:user/testuser1
```
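A sketch of how a deployer could validate the proposed `iam_users` list before granting cluster access, added here as an example and not taken from QHub's code. It assumes the entries would end up as `mapUsers` items in the EKS `aws-auth` ConfigMap; the group name `qhub:users`, the account ID `111122223333` and the function names are constructed for illustration.

```python
import re

# arn:<partition>:iam::<12-digit account>:user/[path/]<name>; the character
# class is simplified to the characters allowed in IAM user names.
USER_ARN = re.compile(
    r"arn:(?:aws|aws-cn|aws-us-gov):iam::(\d{12}):user/(?:[\w+=,.@-]+/)*([\w+=,.@-]+)",
    re.ASCII,
)

# Constructed sample following the layout proposed in the comment above.
SAMPLE_CONFIG = {
    "amazon_web_services": {
        "iam_users": [
            "arn:aws:iam::111122223333:user/testuser1",
            "arn:aws:iam::111122223333:user/testuser2",
        ]
    }
}


def parse_user_arn(arn):
    """Return (account_id, user_name); reject roles, root, wildcards, placeholders."""
    m = USER_ARN.fullmatch(arn.strip())
    if m is None:
        raise ValueError(f"not an IAM user ARN: {arn!r}")
    return m.group(1), m.group(2)


def build_map_users(config, allowed_accounts, groups=("qhub:users",)):
    """Build aws-auth mapUsers entries from amazon_web_services.iam_users."""
    if "system:masters" in groups:
        raise ValueError("refusing to grant system:masters from the config file")
    arns = config.get("amazon_web_services", {}).get("iam_users") or []
    if not isinstance(arns, list):
        raise ValueError("iam_users must be a list of ARNs")
    entries, seen = [], set()
    for raw in arns:
        arn = str(raw).strip()
        account, name = parse_user_arn(arn)
        if account not in allowed_accounts:
            raise ValueError(f"account {account} is not allow-listed")
        if arn not in seen:  # drop duplicates so each user is mapped once
            seen.add(arn)
            entries.append({"userarn": arn, "username": name, "groups": list(groups)})
    return entries


if __name__ == "__main__":
    for entry in build_map_users(SAMPLE_CONFIG, {"111122223333"}):
        print(entry)
```

Failing closed on a malformed or unexpected ARN keeps a typo or a foreign-account principal in the config from silently becoming a cluster identity.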
This issue has been automatically marked as stale because there was no recent activity in 60 days. Remove the stale label or add a comment, otherwise, this issue will automatically be closed in 7 days if no further activity occurs.
This issue was closed because it has been stalled for 7 days with no activity.
Currently there is no way to add cloud IAM permissions to the cluster or pods via the config file:
So for example, if you want to append permissions to this list, you can do that after the project is generated, but then you can auto update the QHub as it will override the custom changes you would make.
https://github.com/Quansight/qhub-ops/blob/e5dd52df558c2c4eb805594b6ae574f12e0986a1/qhub_ops/template/%7B%7B%20cookiecutter.repo_directory%20%7D%7D/infrastructure/gcp.tf#L22
One solution is to create a section in config.yml that adds permissions which can be appended to the list.