Including EKS Pod Identity Changes and fixing typo in EKS sample

Signed-off-by: Fernando Rocha <fernando@diagrid.io>
This commit is contained in:
Fernando Rocha 2025-01-20 20:23:55 -08:00
parent 2ac4e27094
commit 4508e63a54
2 changed files with 4 additions and 124 deletions


@ -38,131 +38,11 @@ All of these solutions solve the same problem: They allow the Dapr runtime proce
Both Kiam and Kube2IAM work by intercepting calls to the [instance metadata service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html). Both Kiam and Kube2IAM work by intercepting calls to the [instance metadata service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html).
## Setting Up Dapr with AWS EKS Pod Identity ### Setting Up Dapr with AWS EKS Pod Identity
This section provides a detailed walkthrough for setting up Dapr with AWS EKS Pod Identity for accessing AWS services. EKS Pod Identities provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances. Instead of creating and distributing your AWS credentials to the containers or using the Amazon EC2 instances role, you associate an IAM role with a Kubernetes service account and configure your Pods to use the service account.
### Prerequisites To see a comprehensive example on how to authorize pod access to AWS Secrets Manager from EKS using AWS EKS Pod Identity, [follow the sample in this repository](https://github.com/dapr/samples/tree/master/dapr-eks-podidentity).
- AWS CLI configured with appropriate permissions
- kubectl installed
- eksctl installed
- Docker installed and configured
- A Docker Hub account or another container registry
### Create EKS Cluster and install Dapr
Follow the official Dapr documentation for setting up an EKS cluster and installing Dapr:
[Set up an Elastic Kubernetes Service (EKS) cluster](https://docs.dapr.io/operations/hosting/kubernetes/cluster/setup-eks/)
### Create IAM Role and Enable Pod Identity
1. Create IAM policy for AWS service access (example shown for a generic AWS service):
```bash
aws iam create-policy \
--policy-name dapr-service-policy \
--policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"SERVICE_NAME:ACTION1",
"SERVICE_NAME:ACTION2"
],
"Resource": "arn:aws:SERVICE_NAME:YOUR_AWS_REGION:YOUR_ACCOUNT_ID:resource/*"
}
]
}'
```
2. Create IAM role with Pod Identity trust relationship:
```bash
aws iam create-role \
--role-name dapr-pod-identity-role \
--assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "pods.eks.amazonaws.com"
},
"Action": [
"sts:AssumeRole",
"sts:TagSession"
]
}
]
}'
```
3. Attach the policy to the role:
```bash
aws iam attach-role-policy \
--role-name dapr-pod-identity-role \
--policy-arn arn:aws:iam::YOUR_ACCOUNT_ID:policy/dapr-service-policy
```
### Create Test Resources
1. Create namespace:
```bash
kubectl create namespace dapr-test
```
2. Create service account:
```bash
kubectl apply -f k8s-config/service-account.yaml
```
3. Create Pod Identity association:
```bash
eksctl create podidentityassociation \
--cluster [your-cluster-name] \
--namespace dapr-test \
--region [your-aws-region] \
--service-account-name dapr-test-sa \
--role-arn arn:aws:iam::YOUR_ACCOUNT_ID:role/dapr-pod-identity-role
```
4. Create Dapr component for your AWS service:
```bash
kubectl apply -f components/aws-component.yaml
```
### Troubleshooting
#### Authentication Issues
If you see "You must be logged in to the server (Unauthorized)", update your kubeconfig:
```bash
aws eks update-kubeconfig --region [your-aws-region] --name [your-cluster-name]
```
#### Pod Identity Issues
Verify Pod Identity association:
```bash
eksctl get podidentityassociation --cluster [your-cluster-name] --region [your-aws-region]
```
#### Dapr Component Issues
Check Dapr sidecar logs:
```bash
kubectl logs -n dapr-test -l app=test-app -c daprd
```
### Use an instance profile when running in stand-alone mode on AWS EC2 ### Use an instance profile when running in stand-alone mode on AWS EC2
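Review bot: the replacement text in this hunk drops the one-sentence explanation of what EKS Pod Identity is (the deleted line beginning "EKS Pod Identities provide the ability to manage credentials for your applications ... Instead of creating and distributing your AWS credentials to the containers or using the Amazon EC2 instances role, you associate an IAM role with a Kubernetes service account"), which is the part that tells a reader why to prefer it over the Kiam/Kube2IAM approach described in the context line just above as intercepting the instance metadata service; consider keeping that sentence before the link so the section still states the security benefit (no static credentials in the container, role bound to a service account) rather than only pointing elsewhere. Two smaller points on the added line: "a comprehensive example on how to authorize" reads better as "a comprehensive example of how to authorize", and "follow the sample in this repository" is ambiguous on a docs page, since the link target is the dapr/samples repository, not this one; suggest "follow the sample in the dapr/samples repository". The heading change from `##` to `###` makes the section a sibling of "### Use an instance profile when running in stand-alone mode on AWS EC2", which is consistent. Since the walkthrough (IAM policy, trust policy for `pods.eks.amazonaws.com`, `eksctl create podidentityassociation`, troubleshooting) now lives only behind the link, please confirm the `dapr-eks-podidentity` path exists on `master` of dapr/samples before merging.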


@ -66,7 +66,7 @@ This guide walks you through installing an Elastic Kubernetes Service (EKS) clus
1. Create the cluster by running the following command: 1. Create the cluster by running the following command:
```bash ```bash
eksctl create cluster -f cluster.yaml eksctl create cluster -f cluster-config.yaml
``` ```
1. Verify the kubectl context: 1. Verify the kubectl context:
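Review bot: the command on the changed line now references `cluster-config.yaml` instead of `cluster.yaml`, but the step that tells the reader to save the cluster definition under that name is outside this hunk (the hunk shows only lines 66 to 72 of the guide); please confirm that earlier step uses `cluster-config.yaml` as well, otherwise the typo is moved rather than fixed. The surrounding context lines ("Create the cluster by running the following command" and "Verify the kubectl context") are unchanged, so no other adjustment is needed here.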