Mastering Elastic Kubernetes Service on AWS by Malcolm Orr & Yang-Xin Cao (Eason)

Author: Malcolm Orr & Yang-Xin Cao (Eason)
Language: eng
Format: epub
Publisher: Packt
Published: 2023-11-15T00:00:00+00:00


How IRSA works

IRSA allows you to assign specific privileges to a specific Pod by associating a Kubernetes service account (SA) with an IAM role, shown in Figure 13.2 as step 1. When the Pod makes an API call, it will try to use the SA credentials, which have an annotation mapping to an IAM role (step 2). This call is translated into an AssumeRoleWithWebIdentity API call to the AWS Security Token Service (STS), which will exchange the Kubernetes-generated credentials for AWS IAM-generated credentials. It does this by using the OIDC provider for a specific EKS cluster as the principal and assuming the role that is defined in the SA annotation (step 3).
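
The three steps above can be checked from the defender's side. The following is an added example, not code from the book: a hypothetical `audit_irsa` helper that verifies the SA annotation, the OIDC provider principal, and the scoping of the role's trust policy. The annotation key `eks.amazonaws.com/role-arn` and the `sub`/`aud` condition keys are standard EKS conventions that the excerpt does not spell out; all ARNs, account IDs and names are constructed placeholders.

```python
# Added example; every ARN, account ID and name below is a constructed placeholder.
SA_ANNOTATION = "eks.amazonaws.com/role-arn"   # annotation linking the SA to a role
ACTION = "sts:AssumeRoleWithWebIdentity"
def _as_list(value):
    return value if isinstance(value, list) else [value]

def _trusts(stmt, provider_arn):
    """True if the statement lets this OIDC provider call AssumeRoleWithWebIdentity."""
    principal = stmt.get("Principal")
    federated = principal.get("Federated", []) if isinstance(principal, dict) else []
    return (stmt.get("Effect") == "Allow" and ACTION in _as_list(stmt.get("Action", []))
            and provider_arn in _as_list(federated))

def audit_irsa(sa, role_arn, trust_policy, provider_arn):
    """Return findings for one SA/role pair; an empty list means tightly scoped."""
    findings, meta = [], sa["metadata"]
    # Steps 1-2: the SA annotation must name the role under review.
    if meta.get("annotations", {}).get(SA_ANNOTATION) != role_arn:
        findings.append("service account annotation does not reference this role")
    issuer = provider_arn.split(":oidc-provider/", 1)[1]
    want_sub = f"system:serviceaccount:{meta['namespace']}:{meta['name']}"
    # Step 3: the role must trust the cluster's OIDC provider as principal.
    stmts = [s for s in _as_list(trust_policy.get("Statement", [])) if _trusts(s, provider_arn)]
    if not stmts:
        findings.append("no statement trusts this cluster's OIDC provider")
    for stmt in stmts:
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        # Without an exact sub match, other service accounts can assume the role.
        if _as_list(exact.get(f"{issuer}:sub", [])) != [want_sub]:
            findings.append("sub is not pinned to exactly this service account")
        if _as_list(exact.get(f"{issuer}:aud", [])) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings

PROVIDER = ("arn:aws:iam::111122223333:oidc-provider/"
            "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE")
ISSUER = PROVIDER.split(":oidc-provider/", 1)[1]
ROLE = "arn:aws:iam::111122223333:role/demo-irsa-role"
SA = {"metadata": {"name": "demo-sa", "namespace": "demo",
                   "annotations": {SA_ANNOTATION: ROLE}}}
def make_policy(operator, sub):
    """Build a constructed trust policy whose sub condition uses the given operator."""
    cond = {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}}
    cond.setdefault(operator, {})[f"{ISSUER}:sub"] = sub
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ACTION,
            "Principal": {"Federated": PROVIDER}, "Condition": cond}]}
SCOPED = make_policy("StringEquals", "system:serviceaccount:demo:demo-sa")
BROAD = make_policy("StringLike", "system:serviceaccount:*:*")
print(audit_irsa(SA, ROLE, SCOPED, PROVIDER), audit_irsa(SA, ROLE, BROAD, PROVIDER))
```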
