EKS currently has native support for OIDC Authentication #34
Labels
correction
Data is inaccurate
Comments
|
Nope, IRSA uses the AWS OIDC provider. What you mean is aws/containers-roadmap#166 |
|
@Missshao thanks for your comment. @mhausenblas is correct, IAM Roles for Service Accounts (IRSA) is different than OIDC authentication. I'll admit it's a little confusing because IRSA relies on an OIDC endpoint, but that is there so pods can assume an IAM role. The section you referenced is about how users are authenticated by the Kubernetes API. Today, EKS only supports 2 forms: bearer tokens and a webhook. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the problem
https://github.com/aws/aws-eks-best-practices/blob/master/content/security/docs/iam.md
“EKS currently has native support for webhook token authentication and service account tokens.”
I think EKS now support OIDC .
References
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
The text was updated successfully, but these errors were encountered: