kubescape / operator

Operator is an in-cluster component of the Kubescape security platform. It allows clients to connect to itself, listens for commands from the connected clients and controls other in-cluster components according to received commands.
Apache License 2.0
11 stars, 20 forks

Cloud Policies missing #220

Open jeason81 opened 4 months ago

jeason81 commented 4 months ago

I am attempting to set up Kubescape Operator in an EKS environment but have been unsuccessful in determining what AWS permissions are required when specifying the cloudProviderMetadata.awsIamRoleArn section of the Helm chart. I found the documentation lacking for all Cloud Providers but was able to find this: https://hub.armosec.io/recipes/setup-aws-iam-authorization-of-in-cluster-installation-of-kubescape-in-eks. However, it appears this may be outdated, as the Helm chart requires only a single ARN and the recipe creates two service accounts with their own policies. Additionally, the recipe specifies the --set createKubescapeServiceAccount=false parameter when doing the Helm install, which does not exist in the current Helm chart.

Is it possible to get documentation on what is required for creating the AWS accounts/permissions needed for use with Kubescape Operator?

Oshratn commented 1 month ago

@matthyx this seems like a documentation bug. Please add it to the board.