Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable IAM Roles Anywhere with the k8s ecr-credential-provider plugin #2553

Merged
merged 1 commit into from
Nov 11, 2022
Merged

Enable IAM Roles Anywhere with the k8s ecr-credential-provider plugin #2553

merged 1 commit into from
Nov 11, 2022

Conversation

stmcginnis
Copy link
Contributor

@stmcginnis stmcginnis commented Nov 4, 2022
edited
Loading

Issue number:

Closes #2310

Description of changes:

This adds a new package to place the aws_signing_helper binary in the /usr/bin PATH to enable its use for k8s credential provider support of IAM Roles Anywhere.

Documentation also added to give an example of how to configure the AWS client settings to use this.

Testing done:

Deployed node and verified aws_signing_helper is present and executable in the /usr/bin directory.
Additional testing TBD with the EKS-A team to validate functionality.

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@stmcginnis stmcginnis marked this pull request as draft November 4, 2022 18:22
bcressey
bcressey approved these changes Nov 9, 2022
View reviewed changes
packages/aws-signing-helper/Cargo.toml Outdated Show resolved Hide resolved
packages/aws-signing-helper/aws-signing-helper.spec Show resolved Hide resolved
packages/aws-signing-helper/pkg.rs Outdated Show resolved Hide resolved
@stmcginnis stmcginnis force-pushed the iam-roles-anywhere branch 2 times, most recently from 50f92e6 to 652a54f Compare November 9, 2022 23:24
webern
webern approved these changes Nov 10, 2022
View reviewed changes
Copy link
Contributor

@webern webern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, but can't be merged until the source is pushed to the lookaside cache and the version tag is obtained.

@stmcginnis stmcginnis self-assigned this Nov 11, 2022
@stmcginnis stmcginnis marked this pull request as ready for review November 11, 2022 17:51
jpmcb
jpmcb approved these changes Nov 11, 2022
View reviewed changes
Copy link
Contributor

@jpmcb jpmcb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!! 👏🏼

❯ sha512sum rolesanywhere-credential-helper-v1.0.2.tar.gz
b364bf8f73f33e7ac1db6a1153880ffa2e4af52a3d8f7b224cc5a9a2e545432a9bf408191048a406fdb995a034b997cdeeb752b4dfcea8288be5baeca8e69b9a  rolesanywhere-credential-helper-v1.0.2.tar.gz

@stmcginnis
packages: Add aws_signing_helper for IAM Roles Anywhere
62cc271 
This adds a new package to place the `aws_signing_helper` binary in the
/usr/bin PATH to enable its use for k8s credential provider support of
IAM Roles Anywhere.

This adds documentation to our README settings docs to give an example
of how to configure IAM Roles Anywhere support with the k8s image
credential provider plugin.

Signed-off-by: Sean McGinnis <stmcg@amazon.com>
@stmcginnis stmcginnis merged commit ac833d8 into bottlerocket-os:develop Nov 11, 2022
@stmcginnis stmcginnis deleted the iam-roles-anywhere branch November 11, 2022 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bcressey bcressey bcressey approved these changes

@webern webern webern approved these changes

@jpmcb jpmcb jpmcb approved these changes

Assignees

@stmcginnis stmcginnis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Kubelet Credential Provider Support
4 participants
@stmcginnis @bcressey @webern @jpmcb