Allow use of EKS pod identities as an authentication method #1981

Closed
jmalloc opened this issue Dec 26, 2023 · 6 comments
Labels
enhancement New feature or request stale

Comments


jmalloc commented Dec 26, 2023

What problem are you facing?

I would like to use EKS pod identities to grant the provider access to AWS, as an alternative to IRSA.

How could Crossplane help solve your problem?

By adding support for this authentication method in ProviderConfig.

FWIW, I did attempt to use a pod identity with a ProviderConfig set to use IRSA credentials, hoping that it might "just work" given that both IRSA and pod identities work by automatically injecting AWS environment variables into the pod. This approach failed, but I no longer have the exact error message, sorry. Some googling at the time suggested that it might be necessary to use version 2 of the AWS Go client with EKS pod identities.

@jmalloc jmalloc added the enhancement New feature or request label Dec 26, 2023

hsmade commented Feb 6, 2024

With version 0.46, and the following:

apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: aws-provider
spec:
  credentials:
    source: InjectedIdentity

The result for trying to use pod identity is this error from the provider-aws pod:

crossplane-aws-provider: error: Cannot setup AWS controllers: invalid endpoint host, "169.254.170.23", only loopback hosts are allowed


hsmade commented Feb 6, 2024

From what I can find with other controllers with the same issue, all that needs to be done is updating the AWS SDK dependency. The EKS provider is still using the old SDK, instead of v2.

Examples: 1 2
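
Added example, not part of the original thread and not Crossplane or AWS SDK code: a Go version of the host check behind the error quoted above, next to a variant that also accepts the link-local container credential addresses. The function names, the allowlist contents and the rejection of hostnames (instead of resolving them) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// Assumed allowlist: link-local addresses of the ECS task credential endpoint
// and the EKS Pod Identity Agent (IPv4 and IPv6).
var containerHosts = map[string]bool{
	"169.254.170.2": true, "169.254.170.23": true, "fd00:ec2::23": true,
}

// checkHost validates the host of a container credentials URI. The SDK sends
// the pod's authorization token to this URI, so the host must be trusted.
// Loopback is always accepted; extra hosts only if present in allowed.
func checkHost(fullURI string, allowed map[string]bool) error {
	u, err := url.Parse(fullURI)
	if err != nil {
		return fmt.Errorf("invalid URL: %w", err)
	}
	host := u.Hostname()
	ip := net.ParseIP(host)
	if ip == nil {
		// Assumption: names are rejected instead of resolved, so this runs offline.
		return fmt.Errorf("invalid endpoint host, %q, not an IP literal", host)
	}
	if ip.IsLoopback() || allowed[ip.String()] {
		return nil
	}
	return fmt.Errorf("invalid endpoint host, %q, only loopback hosts are allowed", host)
}

// checkLoopbackOnly reproduces the behaviour reported in the thread.
func checkLoopbackOnly(uri string) error { return checkHost(uri, nil) }

// checkWithPodIdentity also accepts the container credential addresses.
func checkWithPodIdentity(uri string) error { return checkHost(uri, containerHosts) }

func main() {
	// Constructed sample values for AWS_CONTAINER_CREDENTIALS_FULL_URI.
	for _, uri := range []string{
		"http://127.0.0.1:8080/creds", "http://169.254.170.23/v1/credentials",
		"http://[fd00:ec2::23]/v1/credentials", "http://169.254.169.254/latest",
	} {
		fmt.Printf("%-40s loopback-only=%v  with-pod-identity=%v\n",
			uri, checkLoopbackOnly(uri), checkWithPodIdentity(uri))
	}
}
```

The host restriction is worth keeping narrow: any address added to the allowlist becomes a destination the pod's authorization token can be sent to.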


github-actions bot commented May 7, 2024

Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

@github-actions github-actions bot added stale and removed stale labels May 7, 2024
@fhochleitner

/fresh would also love to have this feature


github-actions bot commented Oct 2, 2024

Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

@github-actions github-actions bot added the stale label Oct 2, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Oct 16, 2024
@brandocomando

/fresh
