MENU

Fun & Interesting

EKS Pod Identities: The Most Detailed Video (K8s Authentication into AWS Series)

Sliced Array 128 lượt xem 2 weeks ago
Video Not Working? Fix It Now

This is the first detailed video of the series on authenticating into AWS from K8s workloads. This video focuses on EKS Pod Identities, going into the most detailed details I could found on the open web.

I show how to enable Pod Identities on EKS clusters, how to make use of it, and then I explain the details under the hood.

Links to documentation and code:
1. Credential Provider Chain - https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html#credentialProviderChain
2. Container Credentials Provider - https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html
3. Java SDK - https://github.com/aws/aws-sdk-java/blob/master/aws-java-sdk-core
4. AssumeRoleForPodIdentity docs - https://docs.aws.amazon.com/eks/latest/APIReference/API_auth_AssumeRoleForPodIdentity.html
5. TokenRequest docs - https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-request-v1/
6. Pod Identity Webhook Github - https://github.com/aws/amazon-eks-pod-identity-webhook
7. Pod Identity Agent Github - https://github.com/aws/eks-pod-identity-agent

Sections:
--------------
1. Intro - 00:00
2. What Pod Identities Are - 00:25
3. Demo: Cluster Creation - 00:58
4. Demo: PSA - 02:03
5. Demo: Cluster Creation contd - 02:36
6. Demo: Enabling the Addon - 03:36
7. Demo: Creating the CNI IAM Role - 04:29
8. Demo: Cluster Creation contd - 05:44
9. Demo: Generating the kubeconfig - 05:53
10. Demo: Adding Compute to the Cluster - 06:51
11. Demo: Creating the Instance Profile for Nodes - 07:11
12. Demo: Selecting the Node details - 08:29
13. Demo: Waiting for kubelet - 09:22
14. Demo: Creating the Pod Role - 09:35
15. Demo: Creating the Service Account - 10:41
16. Demo: Mapping them together - 11:02
17. Demo: Launching the Pod - 11:20
18. Demo: Inspecting the Pod - 12:01
19. Demo: Testing Permissions - 12:38
20. Post Demo Thoughts - 13:08
21. Architecture: Intro - 14:01
22. Architecture: Demo Recap - 14:53
23. Architecture: EKS Pod Identity Webhook - 15:38
24. Architecture: EKS Pod Identity Agent - 17:27
25. Architecture: Tracing the Steps - Webhook - 17:51
26. Architecture: Steps - Credentials URI - 18:28
27. Architecture: Steps - Agent Networking - 19:07
28. Architecture: Steps - Credentials Token - 19:23
29. Architecture: Steps - Inside the SDK - 20:10
30. Architecture: Steps - Inside the Agent - 21:21
31. Architecture: Steps - Beyond the Fence - 21:41
32. Architecture: Steps - Journey Ends - 22:07
33. Additional: Agent's Use of IMDS - 22:18
34. Additional: JWT contents - 22:44
35. Additional: Instance Profile Permissions - 23:16
36. Outro - Pros and Cons of Pod Identities - 23:51
37. fin - 25:41

Attributions:
------------------
Background Music:
Hibiscus by Purrple Cat | https://purrplecat.com/
Music promoted by https://www.chosic.com/free-music/all/
Creative Commons CC BY-SA 3.0
https://creativecommons.org/licenses/by-sa/3.0/

Coffee Chillout - by Roman Belov at Pixabay - https://pixabay.com/users/romanbelov-25347333/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=15283

Calm Mind - Chill Lofi Beat Background Music by FASSounds at Pixabay - https://pixabay.com/users/fassounds-3433550/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=259700

Relaxed Day Music by Sekuora at Pixabay - https://pixabay.com/users/sekuora-40269569/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=250712

Deep Technology - by yourtunes at Pixabay - https://pixabay.com/users/yourtunes-13513207/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=210865

Downtown Glow by Ghostrifter & Devyzed
Creative Commons — Attribution-NoDerivs 3.0 Unported — CC BY-ND 3.0
Music promoted by https://www.chosic.com/free-music/all/

Late at Night by Sakura Girl | https://soundcloud.com/sakuragirl_official
Music promoted by https://www.chosic.com/free-music/all/
Creative Commons CC BY 3.0
https://creativecommons.org/licenses/by/3.0/

lofi-song-kertajina-by-lofium-236750 - Music by Lofium at https://pixabay.com/users/lofium-30660321/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=236730 from Pixabay

royalty-free use lofi chill background - Music by Lidérc https://pixabay.com/users/lidérc-34910776/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=201679 from Pixabay

tasty - Music by FASSounds at https://pixabay.com/users/fassounds-3433550/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=242105 from Pixabay

whip-afro-dancehall-music-110235 - Music by Praz Khanal from Pixabay - https://pixabay.com/users/prazkhanal-24653570/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=110235

lofi-song-jinsei-by-lofium-236730 - Music by Lofium at https://pixabay.com/users/lofium-30660321/?utm_source=link-attribution&utm_medium=referral&utm_campaign=music&utm_content=236730 from Pixabay

k8s

kubernetes

aws

amazon web services

cloud

authentication

authorization

eks

elastic kubernetes service

eks pod identities

IAM

IAM role

ec2

autoscaling

Comment
Ads video related