You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To connect with an EKS cluster in an out-of-cluster configuration, we will have to generate a bearer token that can be passed as part of the request to the EKS instance. The solution here is based on the following sources: [1], [2].
Create an AWS IAM user named porter-dashboard. Get the credentials for this IAM user and create a new Porter service account that will use these credentials.
Query the aws-auth ConfigMap in the Amazon EKS cluster that provides the mappings between IAM principals (roles/users) and Kubernetes subjects (Users/Groups). If the ConfigMap does not contain a mapping between the IAM user porter-dashboard and the correct Kubernetes subject, update the ConfigMap.
Note: this will grant the Porter service account the same level of access as the admin user, which we have enforced in other kubectl auth plugin implementations.
During runtime, query the user model to retrieve a token, if one was previously generated. If this token is expired, perform steps 4-6. Otherwise, go to step 7.
During runtime, configure the AWS Golang SDK to use a custom Config and create a session using this config.
During runtime, use the NewGenerator function exposed by the aws-iam-authenticator to create an object that can generate the token.
To connect with an EKS cluster in an out-of-cluster configuration, we will have to generate a bearer token that can be passed as part of the request to the EKS instance. The solution here is based on the following sources: [1], [2].
Create an AWS IAM user named
porter-dashboard
. Get the credentials for this IAM user and create a new Porter service account that will use these credentials.Query the
aws-auth
ConfigMap in the Amazon EKS cluster that provides the mappings between IAM principals (roles/users) and Kubernetes subjects (Users/Groups). If the ConfigMap does not contain a mapping between the IAM userporter-dashboard
and the correct Kubernetes subject, update the ConfigMap.During runtime, query the user model to retrieve a token, if one was previously generated. If this token is expired, perform steps 4-6. Otherwise, go to step 7.
During runtime, configure the AWS Golang SDK to use a custom Config and create a session using this config.
During runtime, use the NewGenerator function exposed by the
aws-iam-authenticator
to create an object that can generate the token.Use the generator. GetWithOptions method to generate a token, and save this token
Use the given token as a bearer token:
The text was updated successfully, but these errors were encountered: