Using IRSA in your application
Now that you understand the basic concepts behind IRSA, let’s look at how you can configure and use it in your applications. We will look at how to deploy a Pod manually and configure it to use IRSA and then we will look at how you can really simplify the process using eksctl.
How to deploy a Pod and use IRSA credentials
The first step is to make sure you have an OIDC provider configured for your cluster. If you used eksctl, this will be configured already:
$ aws eks describe-cluster --name myipv4cluster --query "cluster.identity.oidc.issuer" --output text
https://oidc.eks.eu-central-1.amazonaws.com/id/763683678
If you haven’t enabled it, you can use the following eksctl command:
$ eksctl utils associate-iam-oidc-provider --cluster cluster_name --approve
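The describe-cluster command above prints the issuer URL, which every EKS cluster has whether or not IAM knows about it, so a second lookup is needed to confirm the IAM OIDC provider exists. The following is an added example, not code from the original text: it compares the issuer against the ARNs returned by aws iam list-open-id-connect-providers, using an exact suffix match so that a provider whose ID merely starts with the same characters is not accepted. The variable CLUSTER_NAME, the function names, and the sample ARNs (account 111122223333) are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm IAM has an OIDC provider matching the cluster issuer.

# Constructed sample data (issuer taken from the output shown above).
SAMPLE_ISSUER="https://oidc.eks.eu-central-1.amazonaws.com/id/763683678"
SAMPLE_ARNS="arn:aws:iam::111122223333:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/763683678
arn:aws:iam::111122223333:oidc-provider/oidc.eks.eu-central-1.amazonaws.com/id/763683678"

# IAM provider ARNs end in "oidc-provider/<issuer without https://>".
issuer_to_suffix() {
  printf 'oidc-provider/%s\n' "${1#https://}"
}

# $1 = issuer URL, $2 = newline-separated provider ARNs.
# Returns 0 only if one ARN ends exactly with the issuer's host and path.
oidc_provider_registered() {
  _suffix="$(issuer_to_suffix "$1")"
  while IFS= read -r _arn; do
    case "$_arn" in
      arn:*:iam::*:"$_suffix") return 0 ;;
    esac
  done <<EOF
$2
EOF
  return 1
}

# Live check against AWS, only when CLUSTER_NAME (assumed name) is set.
if [ -n "${CLUSTER_NAME:-}" ]; then
  issuer="$(aws eks describe-cluster --name "$CLUSTER_NAME" \
    --query "cluster.identity.oidc.issuer" --output text)"
  arns="$(aws iam list-open-id-connect-providers \
    --query "OpenIDConnectProviderList[].Arn" --output text | tr '\t' '\n')"
  if oidc_provider_registered "$issuer" "$arns"; then
    echo "IAM OIDC provider found for $issuer"
  else
    echo "No IAM OIDC provider for $issuer; associate one before using IRSA"
  fi
fi
```

Without CLUSTER_NAME set, the script only defines the functions and sample data, so it can be sourced and tried offline.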
Now that we have an identity for our cluster that we can use, in IAM, we can create the relevant policies and roles. Let’s assume we want to give...