  • Import a ServiceAccount token into kubeconfig

    2 min read

    ServiceAccount token kubeconfig import user credentials

    To run a process locally, we might need to use ServiceAccount credentials to make sure it has exactly the same permissions it would have when running as a Pod. To do so, we can import the ServiceAccount token into our kubeconfig to be able to impersonate it.

    29/05/2023

  • Generate ServiceAccount Secrets

    1 min read

    Kubernetes ServiceAccount Secrets API Access

    Starting with Kubernetes 1.24, Secrets are not automatically generated when ServiceAccounts are created. Since no Secret is generated when we create the ServiceAccount, how can we create ServiceAccount Secrets so that external applications can access the Kubernetes API?

    17/04/2023

  • IRSA: How to create an IAM role for a specific ServiceAccount

    2 min read

    On AWS EKS you can associate an IAM role with a Kubernetes service account. The assume role policy is going to look like this:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Federated": "arn:aws:iam::123456789123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/A3E2AFA46A6F0C9B37B3F4A479A00C20"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
            "StringEquals": {
              "oidc.eks.us-west-2.amazonaws.com/id/A3E2AFA46A6F0C9B37B3F4A479A00C20:sub": "system:serviceaccount:demons:demosa"
            }
          }
        }
      ]
    }
    

    Let's take a look at how to create this role using Terraform.

    24/11/2021


From pet to cattle
Treat your Kubernetes clusters like cattle, not pets