AWS Targets Auth update#1243
Conversation
9558b0d to
725e4ef
Compare
odacremolbap
left a comment
There was a problem hiding this comment.
I think this is mergeable.
PTAL at the 2 comments, none of them blockers.
fee6f8f to
cc3400c
Compare
cc3400c to
288b01c
Compare
|
Thanks @tzununbekov for the clear explanations and input for the docs. |
|
@FranBarrera as discussed with the team, can you share the missing piece of information about adding an annotation to the TriggerMesh service account? (for components that require reconciliation on the controller side, when using IAM role). That way we can mention it in the docs. |
|
@jmcx Yes, the missing piece is to add an annotation to our triggermesh-controller service account and restart the triggermesh-controller pod: To do that users could use these commands: |
|
@jmcx Note for docs: It should be like this: |
|
Curly braces in shell scripts are optional unless parameter expansion is used. If you prefer it this way, then for the consistency update the script to make all variables look the same. |
IAM Role auth support in AWS targets:
Resolves Support IAM role auth in AWS targets #1238
BREAKING CHANGE: All AWS target CRDs are updated to match AWS Sources' auth structure.
Should be mentioned in the release note when merged (cc @sameersbn).
Before:
After:
Hence, IAM role auth is now available as:
Resolves AWS Spec Credentials Should Match in Targets and Sources #1114
Note for Docs (cc @jmcx)
After this PR is merged and released, all AWS Target docs and samples should be updated according to the "Before/After" example above.
Here is a draft "EKS IAM Role auth" instruction:
The official document used for this instruction is here.
The configuration process (IAM policies, roles, resources) may vary depending on the AWS target used and cluster security requirements.