You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note that the IAM Role associated with the ServiceAccount in the workload cluster should have a permission policy that references the OIDC Provider of the workload cluster
# The OpenIDConnectProvider Crossplane resource is created at the time of creating the workload cluster
#However, the creation of IAM Roles that reference this provider does not seem possible without manual intervention because we have to inject the OIDC Provider URL in the policy document which is specified as a string.
#Currently, Crossplane does not provide a mechanism to do this. So, we are creating the IAM role out of band using the eksctl CLI tool
#The trust policy of this IAM role must be updated with the OIDC Provider URL of the workload cluster before we deploy the external secrets to it.
#Using this, an IAM role can be created using Crossplane, with its trust policy referencing the OIDC Provider of the workload cluster
#In this example, we are doing the IAM role creation out of band.
#Hence, the trust policy of this IAM role must be updated with the OIDC Provider URL of the workload cluster before we deploy the external secrets to it.
