cloud-provider-aws
Cloud provider for AWS (by kubernetes)
amazon-eks-pod-identity-webhook
Amazon EKS Pod Identity Webhook (by aws)
cloud-provider-aws | amazon-eks-pod-identity-webhook | |
---|---|---|
2 | 8 | |
357 | 584 | |
0.8% | 1.0% | |
8.7 | 6.8 | |
1 day ago | 22 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cloud-provider-aws
Posts with mentions or reviews of cloud-provider-aws.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-04.
-
k3s on AWS,does it make sense?
You can install the pod identity webhook and AWS cloud provider, csi provider etc on a bare kube cluster and get pretty close to the EKS experience. Not something I’d do for prod, but interesting as a learning exercise.
-
Blazing fast Kubernetes scaling with ASG warm pools
The most naïve way of implementing support for warm pools is to do nothing more than creating the warm pool. Unfortunately, this would start kubelet, which will register the Node with the cluster. Since the AWS cloud provider does not remove instances in stopped state, the control plane marks the Node NotReady, but keep it around in case it comes back up.
amazon-eks-pod-identity-webhook
Posts with mentions or reviews of amazon-eks-pod-identity-webhook.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-04.
-
Grant Kubernetes Pods Access to AWS Services Using OpenID Connect
Its not specific to EKS, you can find the underlying webhook that injects the "identity" here: https://github.com/aws/amazon-eks-pod-identity-webhook
You have to jump through much of the same hoops you describe, having a public `.well-known` endpoint for example. I have achieved this in the past by putting the OIDC discovery information in an S3 bucket.
-
k3s on AWS,does it make sense?
You can install the pod identity webhook and AWS cloud provider, csi provider etc on a bare kube cluster and get pretty close to the EKS experience. Not something I’d do for prod, but interesting as a learning exercise.
-
IAM roles for pods in external k8s cluster
Yes you absolutely can. https://github.com/aws/amazon-eks-pod-identity-webhook/blob/master/SELF_HOSTED_SETUP.md
-
Unable to read token file , permission denied
Is your pod running as an unprivileged user? Sounds like https://github.com/aws/amazon-eks-pod-identity-webhook/issues/8 to me.
-
Zero-configuration IRSA on kOps
On EKS, the pod identity webhook is commonly used as the mechanism for adding the necessary parts of the Pod spec. This webhook looks for ServiceAccounts with a specific set of annotations telling it what ARN it can assume and various other settings. When a Pod is created that uses one of these ServiceAccounts, the webhook mutates the Pod using information found in the ServiceAccount annotations.
-
Using IAM Roles for ServiceAccounts on kOps
If you prefer, you could create ServiceAccounts with these details and use the EKS identity webhook, but I don't see kOps supporting that webhook as a native addon.
-
[AWS-EFS][IAM] AWS EFS CSI instructions say to use a service account w/ IAM role association, but is it possible with KIAM instead?
The Amazon EKS Pod Identity Webhook on the cluster watches for pods that are associated with service accounts with this special annotation & injects Web Identity Token credentials into the pod as environment variables (technical details here).
-
Understanding AWS K8s architecture using EC2
I don’t know how KOPs manages IAM creds for pods these days, but you can use this (my recommendation) https://github.com/aws/amazon-eks-pod-identity-webhook, or something like KIAM or kube2iam
What are some alternatives?
When comparing cloud-provider-aws and amazon-eks-pod-identity-webhook you can also consider the following projects:
kiam - Integrate AWS IAM with Kubernetes
external-dns - Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
amazon-eks-ami - Packer configuration for building a custom EKS AMI
aws-efs-csi-driver - CSI Driver for Amazon EFS https://aws.amazon.com/efs/
aws-sdk-go - AWS SDK for the Go programming language.