Documentation
¶
Index ¶
Constants ¶
View Source
const ( AssumeIAMRoleReasonIRSA = "IAM Roles for Service Accounts" AssumeIAMRoleReasonPodIdentity = "Pod Identity" )
View Source
const PodIdentityMinSupportedK8sVersion = "1.24"
https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html#pod-id-cluster-versions
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AssumableIAMRole ¶ added in v0.3.0
type AssumableIAMRole struct {
IAMRole *IAMRole
Reason AssumeIAMRoleReason
}
AssumableIAMRole records that an IAM role can be assumed through a specific mechanism
type AssumeIAMRoleReason ¶ added in v0.3.0
type AssumeIAMRoleReason string
type EKSCluster ¶ added in v0.1.0
type EKSCluster struct {
AwsClient *aws.Config
K8sClient *kubernetes.Clientset
Name string
KubernetesVersion string // e.g. "1.24"
AccountID string
IssuerURL string
ServiceAccountsByNamespace map[string][]*K8sServiceAccount
PodsByNamespace map[string][]*K8sPod
IAMRoles []*IAMRole
}
func (*EKSCluster) AnalyzeRoleRelationships ¶ added in v0.1.0
func (m *EKSCluster) AnalyzeRoleRelationships() error
func (*EKSCluster) AnalyzeRoleRelationshipsForIRSA ¶ added in v0.3.0
func (m *EKSCluster) AnalyzeRoleRelationshipsForIRSA() error
func (*EKSCluster) AnalyzeRoleRelationshipsForPodIdentity ¶ added in v0.3.0
func (m *EKSCluster) AnalyzeRoleRelationshipsForPodIdentity() error
type K8sPod ¶ added in v0.1.0
type K8sPod struct {
Name string
Namespace string
ServiceAccount *K8sServiceAccount
HasProjectedServiceAccountToken bool
}
type K8sServiceAccount ¶ added in v0.1.0
type K8sServiceAccount struct {
Name string
Namespace string
Annotations map[string]string
AssumableRoles []*AssumableIAMRole
}
Source Files
Click to show internal directories.
Click to hide internal directories.