[英]How to get EKS Pod role with aws command
i need eks pod role not worker node role but, when i try below command, i can only get eks worker node role..我需要 eks pod 角色而不是工作节点角色但是,当我尝试以下命令时,我只能获得 eks 工作节点角色..
=> curl http://169.254.169.254/latest/meta-data/iam/security-credentials; => curl http://169.254.169.254/latest/meta-data/iam/security-credentials; echo
回声
how can i get pod role?我怎样才能获得 Pod 角色?
i need pod role for setting GOOGLE_APPLICATION_CREDENTIALS config file.我需要 pod 角色来设置 GOOGLE_APPLICATION_CREDENTIALS 配置文件。
{
"type": "external_account",
"audience": "~~~~~~~~",
"subject_token_type": "~~~~~~~",
"token_url": "https://sts.googleapis.com/v1/token",
"credential_source": {
"environment_id": "aws1",
"region_url": "http://169.254.169.254/latest/meta-data/placement/availability-zone",
"url": "http://169.254.169.254/latest/meta-data/iam/security-credentials", ====> return worker node role
"regional_cred_verification_url": "https://sts.{region}.amazonaws.comAction=GetCallerIdentity&Version=2011-06-15"
},
"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/!@#$!@#$!@#$.iam.gserviceaccount.com:generateAccessToken"
}
help me please.请帮帮我。 thank you so much.
太感谢了。
yes i already assume a role in GCP
You can then create a service account with the same policy as the IAM role above for your pod using eksctl :然后,您可以使用eksctl为您的 pod 创建一个与上述 IAM 角色具有相同策略的服务帐户:
eksctl create iamserviceaccount \
--name <name of the service account> \
--namespace <where the service account resides> \
--cluster <cluster name> \
--attach-policy-arn arn:aws:iam::<account>:policy/<name of the IAM policy> \
--approve
Refer the service account in your spec:请参考您的规范中的服务帐户:
...
spec:
serviceAccountName: <name of the service account>
...
Now your pod will assume the IAM role and not the node role.现在您的 pod 将承担 IAM 角色而不是节点角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.