6 messages
Mallikarjuna Mover 3 years ago
Hi Team,
can someone help me with creating a service account in Kubernetes with a test namespace and access the resources based on service account kubeconfig file.
can someone help me with creating a service account in Kubernetes with a test namespace and access the resources based on service account kubeconfig file.
Adnanover 3 years ago
How to construct a trust policy for allowing role assumption from multiple / all clusters in one account?
This is the docs example:
This is coupled to one particular OIDC provider i.e. one cluster.
I there are a way to make it cluster independent?
This is the docs example:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"<http://oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub|oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:sub>": "system:serviceaccount:default:my-service-account",
"<http://oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud|oidc.eks.region-code.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE:aud>": "<http://sts.amazonaws.com|sts.amazonaws.com>"
}
}
}
]
}This is coupled to one particular OIDC provider i.e. one cluster.
I there are a way to make it cluster independent?
Nenad Strainovicover 3 years ago
Hi everyone,
I'm trying to create K8s secret for Service Account (1.24+), with kubectl but I'm getting the following error:
This is commanand:
Do you have any idea where to look? I didn't find a way how to set annotations from the kubectl beside kubectl annotate which can be used on already created objects.
kubectl version 1.25.3
k8s version 1.24.7
Thanks!
I'm trying to create K8s secret for Service Account (1.24+), with kubectl but I'm getting the following error:
error: failed to create secret Secret "admin2" is invalid: metadata.annotations[<http://kubernetes.io/service-account.name|kubernetes.io/service-account.name>]: Required valueThis is commanand:
kubectl create secret generic admin2 --type='<http://kubernetes.io/service-account-token|kubernetes.io/service-account-token>'Do you have any idea where to look? I didn't find a way how to set annotations from the kubectl beside kubectl annotate which can be used on already created objects.
kubectl version 1.25.3
k8s version 1.24.7
Thanks!
Jamesover 3 years ago
Hey Guys - I'm walking to the learning path of K8s and there's one thing I need to understand.
In your own experience/idea, what is the use case of running multiple schedulers in the real-world?
In your own experience/idea, what is the use case of running multiple schedulers in the real-world?
Jim Parkover 3 years ago
Not sure who might want this in the future, but here's something I put together to export a kubernetes namespace to disk.
Talal Ashrafabout 3 years ago
Hey Folks. Wondering if people using EKS have tried using Karpenter ? Can I simply replace the autoscaler with this ? The autoscaler unfortunately doesn't consider volume node affinities