Credential Provider Package
If you have not already done so, make sure your cluster meets the package prerequisites. Be sure to refer to the troubleshooting guide in the event of a problem.
Important
- Starting at
eksctl anywhere
versionv0.12.0
, packages on workload clusters are remotely managed by the management cluster. - While following this guide to install packages on a workload cluster, please make sure the
kubeconfig
is pointing to the management cluster that was used to create the workload cluster. The only exception is thekubectl create namespace
command below, which should be run withkubeconfig
pointing to the workload cluster.
Install
By default an instance of this package is installed with the controller to help facilitate authentication for other packages. The following are instructions in case you want to tweak the default values.
-
Generate the package configuration
eksctl anywhere generate package credential-provider-package --cluster <cluster-name> > credential-provider-package.yaml
-
Add the desired configuration to
credential-provider-package.yaml
Please see complete configuration options for all configuration options and their default values. Example default package using IAM User Credentials installed with the controllerapiVersion: packages.eks.amazonaws.com/v1alpha1 kind: Package metadata: name: my-credential-provider-package namespace: eksa-packages-<clusterName> annotations: "helm.sh/resource-policy": keep "anywhere.eks.aws.com/internal": "true" spec: packageName: credential-provider-package targetNamespace: eksa-packages config: |- tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "NoSchedule" sourceRegistry: public.ecr.aws/eks-anywhere credential: - matchImages: - 783794618700.dkr.ecr.us-west-2.amazonaws.com profile: "default" secretName: aws-secret defaultCacheDuration: "5h"
-
Create the secret. If you are changing the secret, see complete configuration options for the format of the secret.
-
Create the namespace (if not installing to eksa-packages). If you are overriding
targetNamespace
, changeeksa-packages
to the value oftargetNamespace
.kubectl create namespace <namespace-name-here>
-
Install the credential-provider-package
eksctl anywhere create packages -f credential-provider-package.yaml
-
Validate the installation
eksctl anywhere get packages --cluster <cluster-name>
Update
To update package configuration, update credential-provider-package.yaml file and run the following command:
eksctl anywhere apply package -f credential-provider-package.yaml
Upgrade
Credential-Provider-Package will automatically be upgraded when a new bundle is activated.
Uninstall
To uninstall credential-provider-package, simply delete the package:
eksctl anywhere delete package --cluster <cluster-name> my-credential-provider-package