2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Amazon EKS uses IAM to provide authentication to your Kubernetes cluster, OIDC provider is just an additional option. It's not required for EBS CSI driver to work.
回答済み 1年前
0
Yes, an OIDC provider is one of the pre-requisite for using Amazon EBS CSI driver with EKS. You can check all the other pre-requisites in the Prerequisites section of this document.
Why is it a must requirement?
- When we create an EKS cluster, an OIDC issuer URL is associated with it.
- By default, the EBS CSI driver is configured to use IAM roles to service accounts (ISRA), where the EBS CSI driver pods use service account tokens to access IAM credentials.
- To use ISRA, an IAM OIDC provider must exist for your cluster's OIDC issuer as mentioned here. This makes creating an OIDC provider a must requirement to use Amazon EBS with EKS cluster.
Also be it Amazon EBS or Amazon EFS Driver, both the drivers use IAM Roles for Service Account(ISRA), so OIDC must exist for the EKS cluster to use ISRA.
回答済み 1年前