IAM Roles for Service Accounts | Learn about IRSA with demo in 20 mins
- Published: 28 Jul 2024
- This video is about IRSA (IAM Roles for Service Accounts). It covers what IRSA is, the benefits of IRSA, and how IRSA ties together elements from AWS IAM, OpenID Connect (IdP), K8s Service Accounts and Pods, followed by a hands-on demo.
References:
docs.aws.amazon.com/eks/lates...
aws.amazon.com/blogs/opensour...
TIMESTAMPS
00:00 Introduction
00:15 What is IRSA?
01:11 Benefits of IRSA
02:12 EKS OpenID Connect Provider
02:44 IAM Federated identities using OIDC
03:05 Flow for retrieving AWS credentials
03:55 Demo
21:00 Decoding the JWT token
22:53 Outro
#aws #irsa #eks #iam #cloud #security
Great explanation, thanks
Very good, excellent, you saved a lot of my time.
Glad to hear that
This is Gold video bro..
1000 likes from my side
Man, this is by far the best explanation I have found about K8s Service Accounts. You deserve many more subscribers!
Thanks for the kind words. Feel free to share it with your friends. That may help me get more subscribers :)
One of the best explanations, with hands-on.
Thank you, glad it was helpful.
Wowwwwww you explained the complex concept with clear explanation and demo. Thank you
Glad you liked it
Excellent work! Keep posting more videos.
This taught me a lot about K8s Service Accounts and how IAM roles are attached to them
Glad it was helpful
Man I really like your explanation with really good and practical example! Big thanks!
Thanks for the kind words. Glad it was helpful
Such a fantastic in-depth video that I very much needed to understand this very complex concept. You've done such a fine job explaining the concepts, visually showing the data flow via images and then ending with hands-on lab fireworks! You sir are the finest!
Glad it was helpful!
Amazing
Great video for IRSA, highly recommended
Thanks :)
This is really well explained !
Thanks
thank you very much for this learning!
Glad it was helpful!
Excellent, thank you for sharing :)
Thanks for the visit
Nicely done, thank you
Thanks for watching!
Well explained, clear...
Glad you liked it
Thank you very much..
You are welcome
Nice explanation!
Glad you liked it!
Good explanation. I tried this and tested with a few more "aws s3" commands, BAD and GOOD scenarios
Nice
Superb
Thank You!
beautiful
Thank you!
Nice presentation. If I am using kubeadm, what is the procedure?
Awesome video, only one suggestion: when you type commands, can you try to keep them in the middle of the screen? It's difficult to read the bottom of the screen at times.
Noted! Thanks for the feedback
watched at 1.5x 👍
Great presentation! Was able to replicate everything except the secrets part at the end. Not seeing any secrets on my v1.24 cluster for some reason. Any ideas?
If you are saying that IRSA worked for you and you are able to access your services, the secret should be there. Are you looking for it in the right namespace?
Can we create a service account using any Terraform function instead of eksctl?
Do we need to give any additional permissions to that app pod, like RBAC?
Additional permissions like RBAC are not needed unless your app has special needs, like being able to invoke kube APIs, or if your cluster has network configurations which require pods to have additional permissions. But those have nothing to do with IRSA per se.
I am trying to set up a local cluster for testing purposes with minikube and Docker Desktop. Do you know how I can use IRSA? Because those clusters don't generate OIDC
IAM roles for Service Accounts (IRSA) is specific to AWS EKS cluster
I created a k8s cluster using kubeadm, but I want to use a persistent volume. How do I use IRSA? I am not able to generate OIDC. Can you explain, please?