self-hosted/docs: Expand ref architecture documentation on eksctl wellknownpolicies #12397
Assignees
Labels
feature: documentation
meta: stale
This issue/PR is stale and will be closed soon
self-hosted: reference-architecture
team: delivery
Issue belongs to the self-hosted team
type: improvement
Improves an existing feature or existing code
Comments
adrienthebo
added
feature: documentation
team: delivery
adrienthebo
added
the
type: improvement
lucasvaltl
moved this to 📓Scheduled
in 🚚 Security, Infrastructure, and Delivery Team (SID)
22 tasks
20 tasks
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Repository owner
moved this from 📓Scheduled
to ✨Done
in 🚚 Security, Infrastructure, and Delivery Team (SID)
Dec 23, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe
The reference architecture documentation relies on eksctl's
wellKnownPoliciesto grant Kubernetes service accountscert-managerandexternal-dns(pending #12395) access to Route53. Because this credential is implicitly attached to a service account in the background it can be difficult to determine if the credentials were correctly attached. Complicating matters is the fact thateksctl get iamserviceaccountsseems to mis-report which wellKnownPolicies are attached to a service account.Describe the behaviour you'd like
The reference architectures should provide verification instructions indicating how to check that AWS credentials are correctly attached to the cert-manager and external-dns service accounts.
The text was updated successfully, but these errors were encountered: