Open RaJiska opened 11 months ago
Up for this functionality also
+1 We have a similar scenario where we launch ephemeral envs with unique namespaces.
Just want to add that we also tried system:serviceaccount:*:my-sa and it doesn't seem to be working for us either. We are using kops to create the role, which looks correct (Fixed in https://github.com/kubernetes/kops/issues/16027).
We also have a use case for this. +1
I could also really use this functionality. Not being able to use wildcard patterns in the namespace has completely prevented my organization from moving forward with the transition to this feature from the standard IRSA method. With multiple teams deploying to the cluster, often to feature branches that live in their own namespaces, expecting them to first update their EKS Pod Identities with the new namespace is a massive inconvenience.
Would be nice to have this to support ephemeral envs.
We need that too. +1!
Need this feature for ephemeral environments.
+1 need this feature for ephemeral environments
What would you like to be added: Reference to this issue: https://github.com/aws/amazon-eks-pod-identity-webhook/issues/58
We'd like to have wildcard implemented for incomplete namespaces, for example:
In the current state of things, implementing it the way shown above will result in a failure to assume the role, with an error message "An unknown error occurred" reported via CloudTrail.
Why is this needed: Our namespace model follows a pattern with which such a feature would allow us to specifically grant permissions on SAs in namespaces following this pattern.