AWS supports IAM Roles for Service Accounts (IRSA) that allows cluster operators to map AWS IAM Roles to Kubernetes Service Accounts.
To do so, one has to create an iamserviceaccount in an EKS cluster:
```
eksctl create iamserviceaccount --name <AUTOSCALER_NAME> --namespace kube-system --cluster <CLUSTER_NAME> --attach-policy-arn <POLICY_ARN> --approve --override-existing-serviceaccounts
```
The problem is that I don't want to use the above eksctl command because I want to declare my infrastructure using terraform.
Does eksctl command do anything other than creating a service account? If it only creates a service account, what is the YAML representation of it?
First, you should define an IAM role in Terraform.
Second, you should configure the aws-auth configmap in Kubernetes to map the IAM role to a Kubernetes user or serviceaccount. You can do that in Terraform using the Kubernetes provider.
There is already a Terraform module terraform-aws-eks which manages all aspects of EKS cluster. You may take some ideas from it.
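What `eksctl create iamserviceaccount` provisions, written as Terraform. This is an added example, not code from the question, the answer, or the terraform-aws-eks module: it assumes the EKS cluster already has an IAM OIDC identity provider registered (eksctl's `utils associate-iam-oidc-provider` step or the equivalent `aws_iam_openid_connect_provider` resource), that the `aws` and `kubernetes` providers are configured elsewhere, and that the variable names and the role name pattern are placeholders chosen here. The two pieces are the IAM role with a trust policy scoped to one namespace/service-account pair, and the Kubernetes ServiceAccount carrying the `eks.amazonaws.com/role-arn` annotation.

```hcl
# Added example: Terraform equivalent of `eksctl create iamserviceaccount`.
# Assumptions (not from the original post): the cluster's OIDC provider is
# already registered in IAM; variable names and role name are placeholders.

variable "cluster_name" { type = string }         # <CLUSTER_NAME>
variable "service_account_name" { type = string } # <AUTOSCALER_NAME>
variable "policy_arn" { type = string }           # <POLICY_ARN>
variable "namespace" {
  type    = string
  default = "kube-system"
}

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

data "aws_caller_identity" "current" {}

# The cluster's OIDC issuer, e.g. https://oidc.eks.<region>.amazonaws.com/id/<ID>;
# IAM refers to the provider by the issuer host without the scheme.
locals {
  oidc_issuer = data.aws_eks_cluster.this.identity[0].oidc[0].issuer
  oidc_host   = replace(local.oidc_issuer, "https://", "")
  oidc_arn    = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_host}"
}

# Trust policy: only a web identity token whose subject is exactly this
# namespace/service-account (and whose audience is STS) may assume the role.
# Dropping either condition would let any pod in the cluster assume it.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [local.oidc_arn]
    }

    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:sub"
      values   = ["system:serviceaccount:${var.namespace}:${var.service_account_name}"]
    }

    condition {
      test     = "StringEquals"
      variable = "${local.oidc_host}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "irsa" {
  name               = "${var.cluster_name}-${var.service_account_name}" # placeholder naming
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

# Equivalent of --attach-policy-arn: the permissions the pod actually gets.
resource "aws_iam_role_policy_attachment" "irsa" {
  role       = aws_iam_role.irsa.name
  policy_arn = var.policy_arn
}

# Kubernetes side: the annotation is what the EKS pod identity webhook reads
# to mount the projected token and set AWS_ROLE_ARN in the pod.
resource "kubernetes_service_account" "irsa" {
  metadata {
    name      = var.service_account_name
    namespace = var.namespace
    annotations = {
      "eks.amazonaws.com/role-arn" = aws_iam_role.irsa.arn
    }
  }
}
```

Two points worth checking in practice: the `sub` condition is the only thing binding the role to one service account, so verify the trust policy in IAM matches the exact namespace and name (a `StringLike` with a wildcard there widens the blast radius to every matching pod); and `--override-existing-serviceaccounts` has no direct Terraform analogue, so an already existing ServiceAccount has to be imported into state before this configuration will manage it. The plain YAML representation of the Kubernetes half is simply a `ServiceAccount` manifest with that same `eks.amazonaws.com/role-arn` annotation in its metadata.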