aws-samples / aws-secret-sidecar-injector

Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager
MIT No Attribution
145 stars 35 forks

ability to create serviceAccount by using helm #56

Open devopsmash opened 3 years ago

devopsmash commented 3 years ago

In order to get an easier deployment, it would be awesome if the chart secret-inject/secret-inject also contained the ability to create a serviceAccount with OIDC, like the aws-efs-csi-driver chart has:

https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/f89b14367e2509738dc885ab82370152c2f4cf83/charts/aws-efs-csi-driver/values.yaml#L74-L81

In addition, it would be great to also have some guidelines on how to create a serviceAccount, the IAM policy, and the role trust in the README.md instead of this article. This can improve the quickstart.

jicowan commented 3 years ago

We can update the readme @dsaydon90 with instructions for creating a serviceAccount, IAM policy, etc., but I'm hesitant to include code that automatically creates an IAM role since that is a privileged operation. The solution is designed to force you to create an IAM policy/role and serviceAccount that is scoped to a secret.
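
Added example, not part of the thread and not code from this project: a small check that an IAM policy document intended for the sidecar's serviceAccount role is scoped to individual secrets rather than granting `secretsmanager:GetSecretValue` broadly. The sample policies, account ID, region and secret names are constructed; the function name is hypothetical, and only `Action`/`Resource` statements are evaluated (not `NotAction`, `NotResource` or conditions).

```python
import re
from fnmatch import fnmatchcase

# Full ARN of a single secret. "?" is accepted so the random 6-character
# suffix can be written as "-??????"; any "*" counts as unscoped.
SCOPED_SECRET_ARN = re.compile(
    r"^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:[^*]+$"
)

def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def unscoped_secret_grants(policy):
    """Return (statement index, resource) pairs where an Allow statement
    permits secretsmanager:GetSecretValue on more than one named secret."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("secretsmanager:getsecretvalue", a) for a in actions):
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            if not SCOPED_SECRET_ARN.match(resource):
                findings.append((index, resource))
    return findings

# Constructed sample: one secret, suffix matched with six "?" characters.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["secretsmanager:GetSecretValue"],
    "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/db-??????",
}]}

# Constructed sample: wildcard action on "*" and a prefix wildcard on the name.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["secretsmanager:Get*"],
     "Resource": ["arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/*"]},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},  # ignored: not a secret read
]}

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, unscoped_secret_grants(policy))
```
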