Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add iam identityMappings to config file #874

Closed
errordeveloper opened this issue Jun 12, 2019 · 11 comments
Closed

Add iam identityMappings to config file #874

errordeveloper opened this issue Jun 12, 2019 · 11 comments
Assignees
@aclevername
Labels
area/aws-iam area/config-file kind/feature New feature or request priority/important-soon Ideally to be resolved in time for the next release

Comments

@errordeveloper
Copy link
Contributor

errordeveloper commented Jun 12, 2019
edited
Loading

We have commands for managing IAM identity mapping now, and config file can be used as input, but we don't yet support definitions of the identity mappings in the config file itself.

I thing this would be the most suitable way to expose it:

iam:
  identityMapping: ...

At the I'm not sure about how the array/map itself should look like.

We would probably want to keen nodegroups out of the picture for now, i.e. what we do automatically at the moment, can remain invisible at the level of config file. Users who want to manage node IAM roles along with --update-auth-configmap=false, should be able to do it and use config file to set authenticate their nodegroup roles.
@martina-if
Copy link
Contributor

Should it be a map? or perhaps an array of mappings?

@errordeveloper
Copy link
Contributor Author

errordeveloper commented Jun 12, 2019
edited
Loading

@martina-if yes, good point - I've updated the description to reflect what is currently understood about this :)

@andreamaruccia
Copy link

how is this related to #841 ?

@neelakansha85
Copy link

+1 to this feature.

This will make it a lot easier instead of having separate aws-auth.yaml config file and applying it to the cluster after cluster creation to having all config in declarative form.

@jvosantos
Copy link

upvote upvote upvote

@pierresteiner
Copy link

Upvote as well!

@errordeveloper errordeveloper mentioned this issue Aug 30, 2019
Closed
6 tasks
@martina-if martina-if added the priority/backlog Not staffed at the moment. Help wanted. label Sep 11, 2020
@martina-if martina-if mentioned this issue Sep 15, 2020
Closed
@martina-if
Copy link
Contributor

see also #967

@martina-if martina-if changed the title add iam.identityMapping to config file Add iam identityMappings to config file Sep 15, 2020
@martina-if martina-if added priority/important-longterm Important over the long term, but may not be currently staffed and/or may require multiple releases and removed priority/backlog Not staffed at the moment. Help wanted. labels Sep 15, 2020
@muram
Copy link

muram commented Dec 15, 2020

+1, any update on when this feature might be considered for implementation?

@cPu1 cPu1 added priority/important-soon Ideally to be resolved in time for the next release and removed priority/important-longterm Important over the long term, but may not be currently staffed and/or may require multiple releases labels Jan 6, 2021
@aclevername aclevername self-assigned this Jan 18, 2021
@aclevername aclevername mentioned this issue Jan 18, 2021
Closed
7 tasks
@michaelbeaumont michaelbeaumont mentioned this issue Jan 19, 2021
Closed
@aclevername
Copy link
Contributor

@muram this is currently being worked on, feedback/thoughts are welcome 😄 #3097

@aclevername aclevername linked a pull request Jan 27, 2021 that will close this issue
Add support for specifying identityMappings in config #3097
Closed
7 tasks
@aclevername
Copy link
Contributor

Closing. We are expecting an new API from AWS to handle cluster permissions, so we could implement this feature but it would likely be replaced very soon by this new API. I think it makes sense to halt any new development on iamidentitymappings functionality

@adammw
Copy link
Contributor

adammw commented Jul 9, 2021

the iamidentitymappings is the eksctl feature exposing the identity mapping used by aws-iam-authenticator, no? therefore the feature to add it to the config file should remain even if the underlying implementation would need to change...

I also note that aws-iam-authenticator now supports configuration via a IAMIdentityMappings CRD which should free up some of the use cases suggested..

@adammw adammw mentioned this issue Jul 9, 2021
Closed
@aclevername aclevername mentioned this issue Jan 17, 2022
Closed
torredil pushed a commit to torredil/eksctl that referenced this issue May 20, 2022
@k8s-ci-robot
Merge pull request eksctl-io#874 from vdhanan/master
5f79c8c 
fix naming mistake in clusterrolebinding, expose env var to controller via downward api
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aclevername aclevername

Labels
area/aws-iam area/config-file kind/feature New feature or request priority/important-soon Ideally to be resolved in time for the next release
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for specifying identityMappings in config eksctl-io/eksctl
10 participants
@adammw @errordeveloper @martina-if @andreamaruccia @cPu1 @neelakansha85 @jvosantos @aclevername @muram @pierresteiner