search

AliyunContainerService / ack-ram-authenticator

Using Alibaba Cloud credentials to authenticate to a Kubernetes cluster
Apache License 2.0
31 stars 9 forks source link

Can I use this with Aliyun managed k8s service? #1

Open OUCHUNYU opened 5 years ago

OUCHUNYU commented 5 years ago

Problem

As I understand about Aliyun managed k8s service, I won't be able to access or configure master node, it seems like that I would not be able to complete step 3 in README: "Configure your API server to talk to the server".

My use case

I want to enable our team members to use kubectl to access our cluster by assuming a role(cross-account).

Questions

  1. Is there a workaround I can do about this?
  2. Is there an alternative to ack-ram-authenticator?
  3. If the answer is "no" for both 1 and 2, do I have to use the "Dedicated Kubernetes"(the 3-master-node cluster service) to achieve my use case?
DahuK commented 5 years ago

@OUCHUNYU Thanks for your good questions, we will support the feature of assuming the role from cross-account soon, then there is also a plan to give a security advanced options when creating the managed kubernetes cluster to customize its apiserver, will notice you when the features release.

cccfs commented 3 years ago

Is there any progress?