Open ChristopherFry opened 2 years ago
This is related to GoogleContainerTools/kpt#3480, with the exception that this is a specific request for EKS.
IAM Users/Roles would be mapped in the aws-auth ConfigMap to a Group. Then those groups can be bound to Roles and ClusterRoles in k8s. Then the client would retrieve a token from AWS using the KubeConfig exec in the user section like this:
```yaml
- name: some-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: aws
      args:
        - eks
        - get-token
        - --region
        - us-west-2
        - --cluster-name
        - my-cluster
        - --role-arn
        - arn:aws:iam::123456789:role/my-admin
      env:
        - name: AWS_PROFILE
          value: my-account
      interactiveMode: IfAvailable
      provideClusterInfo: false
```
The docs are here:
Add support for deploying the Config as Data UI to Amazon Elastic Kubernetes Service (EKS).
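The cluster-side half of the flow described in this issue, as an added example that is not part of the original issue or the project's own manifests: an `aws-auth` entry mapping the IAM role from the kubeconfig above to a group, and a binding that gives that group read-only access. The group name `cad-ui-viewers` and the binding name are hypothetical; `view` is the built-in Kubernetes ClusterRole.

```yaml
# aws-auth lives in kube-system and is read by the EKS authenticator.
# Merge the mapRoles entry into the existing ConfigMap; replacing the
# whole object would drop the node role mappings already stored there.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    # Role ARN taken from the kubeconfig in this issue.
    - rolearn: arn:aws:iam::123456789:role/my-admin
      # Username recorded in audit logs; {{SessionName}} is expanded
      # by the authenticator to the STS session name.
      username: my-admin:{{SessionName}}
      groups:
        # Hypothetical group name. Avoid system:masters here: that
        # group has unrestricted access to the cluster.
        - cad-ui-viewers
---
# Bind the mapped group to a scoped ClusterRole so that the token
# returned by `aws eks get-token` carries only these permissions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cad-ui-viewers-view   # hypothetical name
subjects:
  - kind: Group
    name: cad-ui-viewers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view                  # built-in read-only ClusterRole
  apiGroup: rbac.authorization.k8s.io
```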