create/ensure an identity to access: gcp, aws, azure
Ensures a cloud identity exists in a cloud provider for Kore to use for accessing one or more cloud APIs with least privilege.
You must be logged in to the relevant cloud in order for these commands to work:
- AWS: Ensure you have a profile configured and selected before running these commands. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html
You must also have created a cluster in the cloud provider in question:
- For AWS, either:
  - Ensure you have an EKS cluster in which you plan to install, or have installed, Kore.
  - You have installed Kore on another cloud provider and need to provide Kore access to any AWS account.
kore setup cloudidentity [flags]
    # Add a cloud identity and be prompted for all the values:
    $ kore setup cloudidentity

    # Create / update AWS role for the kore management cluster where kore is (or
    # will be) installed, and configure an AWS KMS key for secrets
    # encryption:
    $ kore setup cloudidentity --cluster-name my-eks-cluster -c aws --kore-namespace kore --aws-setup-kms-key

    # When Kore is NOT running in AWS, create / update an AWS user identity for Kore to use and ensure the associated cloud-credential exists:
    $ kore setup cloudidentity -c aws --kore-hosting-cloud other

    # When Kore is NOT running in AWS, REMOVE an AWS user identity and associated cloud-credential in Kore:
    $ kore setup cloudidentity -c aws --kore-hosting-cloud other --remove
        --aws-disable-kms-setup        disables AWS KMS key setup for Kore secrets encryption (by default, KMS setup is enabled when using -c aws)
    -c, --cloud string                 cloud to create/ensure identity for: gcp, aws, azure
    -k, --cluster-name string          name of the kubernetes cluster Kore is (or will be) installed on in the cloud provider
    -h, --help                         help for cloudidentity
        --kore-hosting-cloud string    create/ensure a cloud identity suitable for when kore is running on: gcp (GKE), aws (EKS), azure (AKS), other
    -n, --kore-namespace string        Kubernetes namespace Kore is (or will be) installed in
        --kore-sa string               Kubernetes service account for Kore (set in the Kore helm chart, should not need changing from default) (default "kore-admin")
        --remove                       removes all IAM resources created and removes the associated Kore cloudcredential
        --debug            Indicates we should use debug / trace logging (default: false)
        --force            Used to force an operation to happen (default: false)
        --no-wait          Indicates we should not wait for resources to provision
    -o, --output string    Output format of the resource (json,yaml,table,template) (default "table")
        --profile string   Use a profile other than your default for this command
        --show-headers     Indicates we should display headers on table out (default true)
    -t, --team string      The team you are operating within
        --verbose          Enables verbose logging for debugging purposes (default: false)
- kore setup - Initialises dependencies required to run Kore