Add ability to authenticate against AWS via STS

IBM / core-dump-handler

Save core dumps from a Kubernetes Service or RedHat OpenShift to an S3 protocol compatible object store

https://ibm.github.io/core-dump-handler/

MIT License

136 stars 40 forks source link

Add ability to authenticate against AWS via STS #87

Closed razielgn closed 2 years ago

razielgn commented 2 years ago

Hello, this patch makes it possible to use the preferred way to authenticate pods with AWS STS (see here). tl;dr without setting a keypair, but instead loading tokens from a mounted file handled by an admission controller.

I've tested it on our EKS deployment before submitting this PR.

No9 commented 2 years ago

Thanks very much for this contribution. Happy to take the code but would you mind putting some info on the configuration into the chart readme below the eksctl section. https://github.com/IBM/core-dump-handler/blob/main/charts/core-dump-handler/README.md#eks-setup-for-gitops-pipelines-eksctl-or-similar Also should there be an example values.yaml for it as well? Something like https://github.com/IBM/core-dump-handler/blob/main/charts/core-dump-handler/values.aws.yaml and call it values.aws.sts.yaml

razielgn commented 2 years ago

Sure, I've added a commit with more documentation and examples.

No9 commented 2 years ago

Great thanks for the update - I'll bundle and push a release towards the end of this week.

razielgn commented 2 years ago

Awesome, thank you!

No9 commented 2 years ago

merged and released in 8.4.0 Thanks again for this @razielgn