Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kubernetes / Kubernetes AWS Provider Subproject / 18 Mar 2022
Kubernetes / Kubernetes AWS Provider Subproject / 18 Mar 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Kubernetes - AWS Provider - Meeting 20220318

Description

Recording of the AWS Provider subproject meeting held on 20220318

Agenda - https://docs.google.com/document/d/1-i0xQidlXnFEP9fXHWkBxqySkXwJnrGJP9OGyP2_P14/

Subproject updates:
Authenticator - discussed https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/416

A

Good morning uh it's march, 18 2022., uh welcome to the cloud provider aws meeting of the kubernetes project. The meeting is being recorded. Please be mindful to the cncf code of connect. Let's get started. Let me share my screen here.

A

And this is the agenda that we have so, let's get started with the sub project updates uh ccm.

B

um I don't think we have any updates. um I can't remember when the last uh what the last version we updated is, but uh in the last two weeks I don't believe we do.

A

uh Moving next uh chaops.

C

uh I think the big news is, I think we released one twenty three zero. I think we did that just after the previous uh sega west meeting um other than that, I don't know of anything peter. I don't know if you know of anything, but uh those are. That was our big thing, so rolling forwards with releases yep. That's.

A

About it cool, thank you.

A

The next is the load balancer controller, so we just published the version 2.4.1 pass release uh day before yesterday, and the important changes are support for fail open of target group, so in case like if there is a misconfiguration or outage of the control plane, uh we still want the data plane component to continue to work. So we added this opt-in feature for now.

A

So customers can opt into this feature in this patch release, eventually will make it at the default in future releases. We also removed permissions for secret resources, so controller no longer needs secret resources permission. This was for security reasons, so we modified such that we don't have to watch all the secret resources in the cluster.

A

We will just do it on on a need basis if it's required for the oidc feature.

A

uh Carpenter, anybody from carpenter here.

A

uh So the pull requests of note. So let's uh go on that.

A

Okay,.

B

Yeah I put this uh in there. This is something that we discussed um in in the fighter aws meeting, probably about a month ago. um We did do an internal review of this particular uh pull request. This is the one that added barn-like matching for the aws im authenticator.

B

Ostensibly one of the main use cases that this pr solves is the current pain point with aws sso integration. So, like um I don't know, if you're familiar.

A

With but the roles.

B

Session that is um or sorry the session role, but is created by aws sso has this generated like random, set of characters in it, and um it's just annoying for admins to have to like keep adding um these role or user um arn's that are generated by aws ssf. So um this arm, like wild card support, was to address that particular pain point um in the internal review.

B

um We ended up sort of coming down on um a decision to ask uh logan who's the contributor to sort of re-uh rethink the the pr, and instead of a more generic uh sort of barn-like matching for both user and role and including like globs. um We we thought it would be better to specifically address the aws sso use case, including the like the specific string that aws sso puts into the uh to the rail role arn um and um anyway. So I I've gone back.

B

I had a couple of conversations with logan um and uh those conversations are continuing on the on slack uh he's in, I believe, australia or new zealand. So it's kind of time zone issues, but um hopefully we can have a path forward here in the next or by the next meeting.

B

We can have a reworked pull request for this.

A

Sure, thanks jay.

B

For the updates.

A

uh Sure we'll hear in the next meeting uh about this, I have come to the end of the agenda here. Anybody has anything else to bring about.

B

I don't have anything.

A

All righty, in that case uh yeah we'll I'll, stop the recording.

A

And I have a great rest of the day folks.