I have set up an IAM OIDC provider in my EKS cluster, and have used it to manually assign IAM roles to Kubernetes Pods.
For the pipeline for my Kubernetes pod, however, I want to have it automatically create and update the IAM role for the pod as part of the normal application pipeline. This makes it easy to update the IAM permissions as your application needs to interact with more services over time.
Does anyone know of a way to create an IAM role with a service operator and associate it with a pod in a manifest file? I've searched all day and it doesn't look like it can be done.
The only alternative I can think of is creating the IAM role in a different pipeline/workflow, which would work but would make updating the IAM role with new permissions frustrating, as you would have to coordinate the ordering of deployment between the two pipelines.