Issue with IAM cloudformation

[janavenkat]

I have issue with cloudformation template polices are not applied to the role

https://github.com/VirtusLab/kubedrainer/blob/master/examples/kubernetes.yaml

[pawelprazak]

I'm not sure I understand, what part exactly gives you problems, what error messages or log show there is a problem.

What do you use to provide IAM rolea to pods, do you have kube2iam?

wt., 11 lut 2020, 14:50 użytkownik janavenkat notifications@github.com napisał:

I have issue with cloudformation template polices are not applied to the role

https://github.com/VirtusLab/kubedrainer/blob/master/examples/kubernetes.yaml

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/VirtusLab/kubedrainer/issues/2?email_source=notifications&email_token=AAAL52VLC2SR7SNUOMHGBNTRCKUK5A5CNFSM4KTBFDNKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IMSBV5Q, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAL52QNHP2HP3KWKANZXYLRCKUK5ANCNFSM4KTBFDNA .

[janavenkat]

@pawelprazak thanks for the quick response. https://github.com/VirtusLab/kubedrainer/blob/master/examples/iam.yaml

1. Create the IAM role and used the above cloud formation template for attaching the Policies to my iam role

2. But its seems in my role doesn't attach any policies by that template

                             OR

Please tell me how did you create IAM and inline policy am not familiar with cloudformation

[pawelprazak]

OK, but this example is for kube2iam, do you have it?

wt., 11 lut 2020, 17:32 użytkownik janavenkat notifications@github.com napisał:

@pawelprazak https://github.com/pawelprazak thanks for the quick response. https://github.com/VirtusLab/kubedrainer/blob/master/examples/iam.yaml

1. Create the IAM role used the above cloud formation template for attaching the Policies to my iam role
2. But its seems in my role doesn't attach any policies

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/VirtusLab/kubedrainer/issues/2?email_source=notifications&email_token=AAAL52XZ3WPSO5FUAX4DBZDRCLHIJA5CNFSM4KTBFDNKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELNC3UA#issuecomment-584723920, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAL52QCMA2TOTLDWUUYQD3RCLHIJANCNFSM4KTBFDNA .

[janavenkat]

OK, but this example is for kube2iam, do you have it? wt., 11 lut 2020, 17:32 użytkownik janavenkat notifications@github.com napisał: … @pawelprazak https://github.com/pawelprazak thanks for the quick response. https://github.com/VirtusLab/kubedrainer/blob/master/examples/iam.yaml 1. Create the IAM role used the above cloud formation template for attaching the Policies to my iam role 2. But its seems in my role doesn't attach any policies — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2?email_source=notifications&email_token=AAAL52XZ3WPSO5FUAX4DBZDRCLHIJA5CNFSM4KTBFDNKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELNC3UA#issuecomment-584723920>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAL52QCMA2TOTLDWUUYQD3RCLHIJANCNFSM4KTBFDNA .

Sorry am not using kube2iam is there any alternate way. Thank you

[pawelprazak]

https://github.com/jtblin/kube2iam https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

wt., 11 lut 2020, 20:26 użytkownik janavenkat notifications@github.com napisał:

OK, but this example is for kube2iam, do you have it? wt., 11 lut 2020, 17:32 użytkownik janavenkat notifications@github.com napisał: … <#m_7917859409093995090_m3042013211416857891> @pawelprazak https://github.com/pawelprazak https://github.com/pawelprazak thanks for the quick response. https://github.com/VirtusLab/kubedrainer/blob/master/examples/iam.yaml 1. Create the IAM role used the above cloud formation template for attaching the Policies to my iam role 2. But its seems in my role doesn't attach any policies — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2 https://github.com/VirtusLab/kubedrainer/issues/2?email_source=notifications&email_token=AAAL52XZ3WPSO5FUAX4DBZDRCLHIJA5CNFSM4KTBFDNKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELNC3UA#issuecomment-584723920>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAL52QCMA2TOTLDWUUYQD3RCLHIJANCNFSM4KTBFDNA .

Sorry am not using kube2iam is there any alternate way. Thank you

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/VirtusLab/kubedrainer/issues/2?email_source=notifications&email_token=AAAL52V5JG7M5YI26BVSRRDRCL3XLA5CNFSM4KTBFDNKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELNXRTA#issuecomment-584808652, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAL52XKNUDF7XBUTYHO4I3RCL3XLANCNFSM4KTBFDNA .

[janavenkat]

Thank you :) But is there an alternate way to use this tool instead of kube2iam am afraid to apply it in production because its changes the iptable

[pawelprazak]

There probably is, but this is the way I've been doing it. Can't say that I've tested any other solution. If you are on EKS you might look into the AWS way, they've added (one of the links I've sent), but haven't used it myself yet.

śr., 12 lut 2020, 11:25 użytkownik janavenkat notifications@github.com napisał:

Thank you :) But is there an alternate way to use this tool instead of kube2iam am afraid to apply it in production because its changes the iptable

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/VirtusLab/kubedrainer/issues/2?email_source=notifications&email_token=AAAL52SZELY6U55YG75XOI3RCPFCBA5CNFSM4KTBFDNKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELQHYUY#issuecomment-585137235, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAL52TSXRHC5YNHXMHT2UDRCPFCBANCNFSM4KTBFDNA .

[janavenkat]

Thank you