Eksctl: Config file support for iamidentitymapping

Created on 3 Jul 2019 · 5 Comments · Source: weaveworks/eksctl

Hi all, I've been trying to use eksctl create|get|delete iamidentitymapping with -f some_file.yaml but I couldn't really figure out what to put inside the file. Can someone please document this or create some files under the example directory?

PS: You may want to merge it with https://github.com/weaveworks/eksctl/pull/932

area/aws-iam close/duplicate kind/docs

All 5 comments

Hi @serhatcetinkaya, the config file in these commands is only used to get the cluster information, not the roles or the other IAM-specific parameters. This is how it works today but we will consider this for a future iteration.

@martina-if +1 for this feature; it would help in bootstrapping a cluster that others can talk to right away instead of just the people who have Admin in that AWS account.

Hi @martina-if, is there any update on this?

I think it can even be included in the main config file like (another block to configure aws-auth configmap):

eksctl create cluster --config-file=<path>

Would be nice to have this in config (code as documentation).

Given how eksctl create iamidentitymapping is implemented, would something like this in the config work?

iam:
  identityMappings:
    - roleARN: arn:aws:iam::123456:role/kube-admin
      username: kube-admin
      group: system:masters
    - roleARN: arn:aws:iam::123456:role/power-users
      username: power-user
      group: my-custom-power-user-group

Something to figure out would be how eksctl should behave when removing an identityMapping from the config file and running eksctl update cluster.
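
The removal question raised in the comment above, worked through as an added example (not part of the thread and not eksctl's own code): a reconcile plan comparing the proposed identityMappings block with what aws-auth already holds. Mapping, Plan and Reconcile are hypothetical names, and the code assumes eksctl owns every mapping, so an entry dropped from the config is revoked rather than left behind.

```go
package main

import (
	"fmt"
	"sort"
)

// Mapping mirrors one entry of the proposed iam.identityMappings block.
type Mapping struct{ RoleARN, Username, Group string }

// Plan lists what a reconcile would change, plus roles granted system:masters.
type Plan struct{ Add, Remove, Admin []string }

func key(m Mapping) string { return m.RoleARN + " -> " + m.Username + " (" + m.Group + ")" }

// Reconcile compares the config file (desired) with the mappings already in
// the cluster (current). Assumption: eksctl owns every mapping, so anything
// missing from the config is scheduled for removal.
func Reconcile(desired, current []Mapping) Plan {
	want, have := map[string]bool{}, map[string]bool{}
	var p Plan
	for _, m := range desired {
		want[key(m)] = true
		if m.Group == "system:masters" {
			p.Admin = append(p.Admin, m.RoleARN) // surface cluster-admin grants for review
		}
	}
	for _, m := range current {
		have[key(m)] = true
		if !want[key(m)] {
			p.Remove = append(p.Remove, key(m)) // stale access still live in the cluster
		}
	}
	for k := range want {
		if !have[k] {
			p.Add = append(p.Add, k)
		}
	}
	sort.Strings(p.Add)
	sort.Strings(p.Remove)
	return p
}

func main() {
	// Constructed sample data reusing the ARNs from the proposal above.
	desired := []Mapping{{"arn:aws:iam::123456:role/kube-admin", "kube-admin", "system:masters"}}
	current := []Mapping{desired[0], {"arn:aws:iam::123456:role/power-users", "power-user", "my-custom-power-user-group"}}
	fmt.Printf("%+v\n", Reconcile(desired, current))
}
```

Printing the plan before applying it makes a removed config entry visible as a pending revocation, and keeps system:masters grants in front of a reviewer.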

Duplicate of #874
