This project contains code and configuration suitable for providing IAM pod identities and temporary, STS credentials to OpenShift 4.2+ using a sidecar proxy and Lambda-based API. It borrows concepts from kiam and the amazon-eks-pod-identity-webhook.
This sample includes:
- README.md - this file
- User Guide.pdf - Walks through installation, validation and usage of the OCP IAM Broker & Webhook
- assets/broker-webhook/cloudformation/deployment.yml - CloudFormation facilitating the AWS portion of deployment
- assets/proxy/* - Dockerfile and S2I artifacts for building proxy images for use on OCP
Please review the User Guide.