Add optional support for enabling a Kubernetes service account and associated IAM role that defines the access to public and private S3 buckets for each environment. This provides similar functionality of EC2 instance profiles within Kubernetes namespaces.
At a high level, the process is:
1. Create environment-specific public and private S3 buckets
2. Pods have read/write access to buckets w/o access keys
The securityContext also had to be updated so that non-root users could access the token on the filesystem in the container per this solution.
I debated whether or not this should exist here or within ansible-role-k8s-web-cluster. I ended up settling on here due to the re-use of environment-specific variables. However, it certainly touches on both projects and I am open to suggestions.
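Added example manifests (not the PR's own code) showing the shape of the service account and the `securityContext` change the description refers to. The account id, role name, image, namespace and bucket names are placeholders or constructed for illustration.

```yaml
# Example, not from the PR. Placeholders: <ACCOUNT_ID>, <APP_IMAGE>; the
# namespace "staging", role name and bucket names are constructed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: s3-access
  namespace: staging            # one service account per environment namespace
  annotations:
    # The EKS pod identity webhook injects AWS_ROLE_ARN and a projected OIDC
    # token into pods using this SA, so no access keys are stored in the pod.
    # The role's trust policy must restrict the token "sub" claim to
    # system:serviceaccount:staging:s3-access; otherwise any service account
    # in the cluster could assume the role.
    eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/staging-s3-access
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: staging
spec:
  replicas: 1
  selector:
    matchLabels: {app: web}
  template:
    metadata:
      labels: {app: web}
    spec:
      serviceAccountName: s3-access
      # The projected token file is readable only by root by default, so a
      # container running as a non-root user cannot read it. Setting fsGroup
      # makes the kubelet apply that group to the projected volume so the
      # token becomes group-readable for the container's user.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 65534
      containers:
        - name: web
          image: <APP_IMAGE>
          env:
            # constructed variable names; the app reads bucket names from these
            - name: PUBLIC_BUCKET
              value: example-staging-public
            - name: PRIVATE_BUCKET
              value: example-staging-private
```

The IAM policy attached to the role should grant access only to the two environment-specific buckets, so a pod in one namespace cannot reach another environment's data.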