fast forward to 7:10 if you need to get past greeting section
@daniele31844 жыл бұрын
It would be nice to include the links in the description. Overall great content.
@gauravstud Жыл бұрын
One question at around 37:00 for short term credentials not supported with EKS. I am a little confused understanding that. EKS can support IAM roles to authenticate against itself. As an example, we can have an IAM role assigned to a Cloud9 instance and as long as that role has the right privileges in the RBAC, the IAM roles would work. So what's so unique about the default Cloud9 Managed credentials? Why is authenticating with that a challenge in EKS?
@Jack-w1w Жыл бұрын
Thank you so much for bring us this pretty good video, However, May be the AWS EKS team could simply the IAM user-K8s Role binding Process with extra Web configure page on the AWS Console . Although it might hide some theory from the RBAC of K8s and AWS IAM , It might bring lots of good experience for the customer.
@davidszkilnyk31064 жыл бұрын
So when testing rbac_user instead of getting "forbidden" you get "error: You must be logged in to the server (Unauthorized)"
@copypaiste2 жыл бұрын
Stumbled upon that error as well. I guess you have to edit ~/.kube/config for that to work. Worked around it by using a IAM role (instead of a IAM user as they did in workshop) mapping it in aws-auth ConfigMap and then assuming it with "aws sts assume-role". Also you can use "ecsctl create iamidentitymapping" command instead of editing aws-auth ConfigMap manually.