mjnagel/k3d-irsa

IRSA on k3d

This repository provides resources for setting up IRSA (IAM Roles for Service Accounts) on a local k3d cluster. IRSA enables you to map AWS IAM roles to Kubernetes service accounts, allowing specific pods to securely access AWS resources. While IRSA is provided out of the box with AWS EKS clusters, it is also possible to self-host the IRSA setup on any cluster. This repository focuses specifically on how to do this for k3d clusters, although the steps can be easily adapted to k3s and RKE2 or other Kubernetes distributions.

Setup Guides

Choose your preferred setup method:

  1. OpenTofu - Automated setup using Infrastructure as Code:

  2. AWS CLI - Step-by-step manual setup:

Key Steps

  • Set up OIDC provider in AWS IAM
  • Configure k3d with OIDC support
  • Deploy the IRSA webhook for automatic credential injection
  • Validate by setting up an IAM role and testing usage with a pod/service account
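For the validation step, the role's trust policy is what binds the IAM role to one service account. The sketch below is an added example, not code from this repository: it builds such a policy and audits a policy for missing or wildcard subject conditions. The account ID, issuer host, namespace, service account name and the `sts.amazonaws.com` audience are assumed placeholder values.

```python
import json

# Constructed placeholder values, not taken from the repository.
ACCOUNT_ID = "111122223333"
ISSUER_HOST = "irsa-example.s3.us-east-1.amazonaws.com"  # issuer URL without https://

def irsa_trust_policy(account_id, issuer_host, namespace, service_account):
    """Trust policy that lets exactly one service account assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{issuer_host}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{issuer_host}:sub": f"system:serviceaccount:{namespace}:{service_account}",
            f"{issuer_host}:aud": "sts.amazonaws.com",  # assumed token audience
        }},
    }]}

def audit_trust_policy(policy):
    """Flag web-identity statements that are not pinned to a single service account."""
    findings = []
    statements = policy.get("Statement", [])
    for i, stmt in enumerate([statements] if isinstance(statements, dict) else statements):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        issuer = str(federated).split(":oidc-provider/", 1)[-1]
        cond = stmt.get("Condition", {})
        exact, like = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if f"{issuer}:sub" in exact:
            pass  # pinned to explicit subject(s)
        elif f"{issuer}:sub" in like:
            pattern = like[f"{issuer}:sub"]
            if any(c in str(pattern) for c in "*?"):
                findings.append(f"statement {i}: wildcard sub pattern {pattern!r}")
        else:
            findings.append(f"statement {i}: no sub condition, any service account "
                            "with a token from this issuer can assume the role")
        if f"{issuer}:aud" not in exact:
            findings.append(f"statement {i}: no aud condition")
    return findings

if __name__ == "__main__":
    policy = irsa_trust_policy(ACCOUNT_ID, ISSUER_HOST, "default", "s3-reader")
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy) or "no findings")
```

Running the audit against the trust policy of every role that federates to the cluster's OIDC provider shows which roles are reachable from more than the one intended service account.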

Prerequisites

Each individual setup guide has some specific prerequisites, but these are required regardless of approach:

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
