Kube2iam docs #295
Kube2iam docs #295
Conversation
jetstack-bot
added
release-note-none
|
/retest |
|
/assign @dippynark |
jetstack-bot
added
the
needs-rebase
jetstack-bot
removed
the
needs-rebase
docs/examples/kube2iam.rst
Outdated
| Prerequisite | ||
| ~~~~~~~~~~~~ | ||
|
|
||
| Make sure `HELM <https://www.helm.sh/>`_ is `activated <https://docs.tarmak.io/user-guide.html#tiller>` on the Tarmak cluster. |
There was a problem hiding this comment.
link isn't displaying properly
There was a problem hiding this comment.
Possibly refer to the tarmak docs for installing tiller into the cluster too rather than suggesting using helm init
There was a problem hiding this comment.
@dippynark link is fixed and it was already linked to the docs of tarmak to setup helm.
|
|
||
| .. code-block:: bash | ||
|
|
||
| helm version |
There was a problem hiding this comment.
how can I connect to tarmak using helm? The process of retrieving a kubeconfig is not clear here - I had to hack the kubeconfig generated by tarmak kubectl get nodes and exposed the LB publically
There was a problem hiding this comment.
that will be part of #279. I will make sure to add an reference in these docs once that will be done.
|
|
||
| .. code-block:: bash | ||
|
|
||
| helm upgrade kube2iam stable/kube2iam \ |
There was a problem hiding this comment.
This chart doesn't exist yet?
There was a problem hiding this comment.
that chart exists https://github.com/kubernetes/charts/tree/master/stable/kube2iam
docs/examples/kube2iam.rst
Outdated
| } | ||
|
|
||
| variable "instance_iam_role_arn" { | ||
| description = "ARN of the instance IAM role |
There was a problem hiding this comment.
$ terraform init
There are some problems with the configuration, described below.
The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
Error: Error parsing /Users/luke/Desktop/nginx/test.tf: At 19:48: literal not terminated
docs/examples/kube2iam.rst
Outdated
| .. code-block:: bash | ||
|
|
||
| terraform init | ||
| terraform apply -var cluster_name=example -var region=eu-west-1 -var instance_arn=arn:aws:iam::xxxxxxx:role/my-instance-role |
There was a problem hiding this comment.
$ terraform apply -var cluster_name=cluster -var region=eu-west-1 -var instance_arn=arn:aws:iam::015774327972:policy/kube2iam_assumeRole_policy_cluster
var.instance_iam_role_arn
ARN of the instance IAM role
Enter a value:
docs/examples/kube2iam.rst
Outdated
| "Action": "sts:AssumeRole", | ||
| "Principal": { | ||
| "AWS": [ | ||
| "${instance_iam_role_arn}" |
There was a problem hiding this comment.
var.instance_iam_role_arn?
| EOF | ||
| } | ||
|
|
||
| resource "aws_iam_role_policy" "test_role_policy" { |
There was a problem hiding this comment.
$ terraform apply -var cluster_name=cluster -var region=eu-west-1 -var instance_iam_role_arn=arn:aws:iam::015774327972:policy/kube2iam_assumeRole_policy_cluster
Error: aws_iam_role_policy.test_role_policy: "policy" contains an invalid JSON policy
|
@dippynark I addressed all comments. |
|
/lgtm |
|
Thx @dippynark for getting through this PR with me. I know this was a painfull process :) |
jetstack-bot
added
the
needs-rebase
|
/unassign |
jetstack-bot
removed
lgtm
|
Fixed merge conflicts |
|
I've taken a read over this. I've not tried it all out but it makes sense to me. /lgtm |
|
/assign @simonswine |
|
/unassign |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: simonswine The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
jetstack-bot
added
the
approved
…101-#287-#288-#293-#285-#299-#301-#304-#267-#305-#306-#326-#323-#322-#327-#330-#329-#346-#338-#313-#300-#296-#347-#295-#344-#235-#361-#365-#345-#343-#325-#336-#321-#371-#364-#378-origin-release-0.4 Automated cherry pick of #247 #101 #287 #288 #293 #285 #299 #301 #304 #267 #305 #306 #326 #323 #322 #327 #330 #329 #346 #338 #313 #300 #296 #347 #295 #344 #235 #361 #365 #345 #343 #325 #336 #321 #371 #364 #378
5 participants
What this PR does / why we need it:
Docs on how to add kube2iam to our Tarmak setup
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #290Special notes for your reviewer:
We also need #293 merged for checks to clear
Release note: