Creates the IAM resources required in your cloud provider to run Kore with implicit cloud identity
Ensures a cloud identity exists in a cloud provider for Kore to use for accessing one or more cloud APIs with least privilege.
You must be logged in to the relevant cloud in order for these commands to work:
- AWS: Ensure you have a profile configured and selected before running these commands. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html
You must also have created a cluster in the cloud provider in question:
- AWS: Ensure you have an EKS cluster in which you plan to, or have installed Kore.
kore setup cloudidentity [flags]
# Add a cloud identity and, be prompted for all the values:$ kore setup cloudidentity # Create AWS role for the kore management cluster where kore is (or# will be) installed, and configure an AWS KMS key for secrets# encryption:$ kore setup cloudidentity --cluster-name my-eks-cluster -c aws --kore-namespace kore --aws-setup-kms-key
--aws-disable-kms-setup disables AWS KMS key setup for Kore secrets encryption (by default, KMS setup is enabled when using -c aws) -c, --cloud string cloud to create/ensure identity for: gcp, aws, azure -k, --cluster-name string name of the kubernetes cluster Kore is (or will be) installed on in the cloud provider -h, --help help for cloudidentity -n, --kore-namespace string Kubernetes namespace Kore is (or will be) installed in --kore-sa string Kubernetes service account for Kore (set in the Kore helm chart, should not need changing from default) (default "kore-admin")
--debug indicates we should use debug / trace logging (defaults: false) --force is used to force an operation to happen (defaults: false) --no-wait indicates if we should wait for resources to provision -o, --output string the output format of the resource (json,yaml,table,template) (default "table") --profile string allows you to explicitly set the selected profile --show-headers indicates we should display headers on table out (default true) -t, --team string the team you are operating within --verbose enables verbose logging for debugging purposes (defaults: false)
- kore setup - Initialises dependencies required to run Kore