Description
Summary
I would like to use EKS Pod Identities but there is no module that does the create-pod-identity-association to connect an IAM role with a Kubernetes service account.
This concern obviously bridges the domains of EKS clusters, IAM roles, IAM policies, Postgres databases/users, and K8s service accounts. In my opinion this is most dependent on the eks_cluster feature domain since the existence of the service account or db user are not hard dependencies and the IAM roles and policy creation can already be done with existing modules.
My specific use-case is that I am trying to build an Ansible Operator using Operator SDK that can create databases and IAM authenticated database users within a pre-existing RDS instance. Using Pod Identities would allow a full chain of best practices.
The RDS instance and EKS cluster are infrastructure and created by Terraform (or other IaC).
With n applications deploy in k8s using a single RDS Instance, the application's database is a dependency of the application and thus best managed as an artifact of the deployment. Using an Operator allows separation of the RDS master admin credentials from the individual applications.
Issue Type
Feature Idea
Component Name
eks_cluster
Additional Information
Code of Conduct
- I agree to follow the Ansible Code of Conduct