Commit

Allow short-lived AWS credentials
Add SESSION_TOKEN to aws-secret and the pod
environment. (Fixes kkb0318#3)
brianr2600 committed Aug 22, 2024
1 parent 23efcfc commit 3b9e632
Showing 5 changed files with 14 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -92,6 +92,7 @@ Create a secret for irsa-manager to access AWS:
kubectl create secret generic aws-secret -n irsa-manager-system \
--from-literal=aws-access-key-id=<your-access-key-id> \
--from-literal=aws-secret-access-key=<your-secret-access-key> \
--from-literal=aws-session-token=<your-aws-session-token> # Optional \
--from-literal=aws-region=<your-region> \
--from-literal=aws-role-arn=<your-role-arn> # Optional: Set this if you want to switch roles
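Review bot: On the added aws-session-token line the trailing backslash comes after `# Optional`, so the shell treats it as part of the comment and the kubectl command ends on that line. The secret is then created without aws-region and aws-role-arn, and the remaining lines are parsed as a new command. Keep the backslash as the last character of the line and move the "optional" remark into the prose above the command, or place the session-token flag last, where a trailing comment is safe, as the aws-role-arn line already does.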

1 change: 1 addition & 0 deletions charts/irsa-manager/README.md
Expand Up @@ -22,6 +22,7 @@ helm install irsa-manager kkb0318/irsa-manager -n irsa-manager-system --create-n
kubectl create secret generic aws-secret -n irsa-manager-system \
--from-literal=aws-access-key-id=<your-access-key-id> \
--from-literal=aws-secret-access-key=<your-secret-access-key> \
--from-literal=aws-session-token=<your-aws-session-token> # Optional \
--from-literal=aws-region=<your-region> \
--from-literal=aws-role-arn=<your-role-arn> # Optional: Set this if you want to switch roles
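Review bot: The added line in the chart README ends in `# Optional \`, which cuts the kubectl command off before aws-region because the backslash is inside the comment. Drop the inline comment from this line and state in the surrounding text that aws-session-token is only needed for temporary credentials.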

1 change: 1 addition & 0 deletions charts/irsa-manager/README.md.gotmpl
Expand Up @@ -22,6 +22,7 @@ helm install irsa-manager kkb0318/irsa-manager -n irsa-manager-system --create-n
kubectl create secret generic aws-secret -n irsa-manager-system \
--from-literal=aws-access-key-id=<your-access-key-id> \
--from-literal=aws-secret-access-key=<your-secret-access-key> \
--from-literal=aws-session-token=<your-aws-session-token> # Optional \
--from-literal=aws-region=<your-region> \
--from-literal=aws-role-arn=<your-role-arn> # Optional: Set this if you want to switch roles
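Review bot: The template has the broken continuation as well (`# Optional \` on the aws-session-token line), so a README rendered from it would inherit the truncated command; fix it here together with the rendered copy. Since the token belongs to short-lived credentials, the text should also say that the secret has to be updated when those credentials expire.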

5 changes: 5 additions & 0 deletions charts/irsa-manager/templates/deployment.yaml
Expand Up @@ -37,6 +37,11 @@ spec:
secretKeyRef:
key: aws-secret-access-key
name: aws-secret
- name: AWS_SESSION_TOKEN
valueFrom:
secretKeyRef:
key: aws-session-token
name: aws-secret
- name: AWS_REGION
valueFrom:
secretKeyRef:
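Review bot: The new AWS_SESSION_TOKEN secretKeyRef has no `optional: true`, although the README changes in this commit mark aws-session-token as optional. As written, a secret created without that key will keep the container from starting, which affects anyone using long-lived access keys. Add `optional: true` under this secretKeyRef.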
6 changes: 6 additions & 0 deletions config/manager/manager.yaml
Expand Up @@ -59,6 +59,12 @@ spec:
name: aws-secret
key: aws-secret-access-key
# optional: true
- name: AWS_SESSION_TOKEN
valueFrom:
secretKeyRef:
name: aws-secret
key: aws-session-token
# optional: true
- name: AWS_REGION
valueFrom:
secretKeyRef:
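Review bot: `# optional: true` is left commented out on the new AWS_SESSION_TOKEN entry, so the aws-session-token key is required here even though the README documents it as optional. Uncomment it for this variable so that a secret without a session token still lets the manager pod start.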
