Skip to main content
Version: 0.8

kore setup cloudidentity

kore setup cloudidentity#

create/ensure an identity to access: gcp, aws, azure

Synopsis#

Ensures a cloud identity exists in a cloud provider for Kore to use for accessing one or more cloud APIs with least privilege.

You must be logged in to the relevant cloud in order for these commands to work:

You must also have created a cluster in the cloud provider in question:

  • For AWS, either:
    • Ensure you have an EKS cluster in which you plan to install, or have installed, Kore.
    • You have installed Kore on another cloud provider and need to provide Kore access to any AWS account.
kore setup cloudidentity [flags]

Examples#


# Add a cloud identity and, be prompted for all the values:$ kore setup cloudidentity
# Create / update AWS role for the kore management cluster where kore is (or# will be) installed, and configure an AWS KMS key for secrets# encryption:$ kore setup cloudidentity --cluster-name my-eks-cluster -c aws --kore-namespace kore --aws-setup-kms-key
# When Kore is NOT running in AWS, create / update an AWS user identity for Kore to use and ensure the associated cloud-credential exists:$ kore setup cloudidentity -c aws --kore-hosting-cloud other
# When Kore is NOT running in AWS, REMOVE an AWS user identity and associated cloud-credential in Kore:$ kore setup cloudidentity -c aws --kore-hosting-cloud other --remove

Options#

      --aws-disable-kms-setup       disables AWS KMS key setup for Kore secrets encryption (by default, KMS setup is enabled when using -c aws)  -c, --cloud string                cloud to create/ensure identity for: gcp, aws, azure  -k, --cluster-name string         name of the kubernetes cluster Kore is (or will be) installed on in the cloud provider  -h, --help                        help for cloudidentity      --kore-hosting-cloud string   create/ensure a cloud identity suitable for when kore is running on: gcp (GKE), aws (EKS), azure (AKS), other  -n, --kore-namespace string       Kubernetes namespace Kore is (or will be) installed in      --kore-sa string              Kubernetes service account for Kore (set in the Kore helm chart, should not need changing from default) (default "kore-admin")      --remove                      removes all IAM resources created and removes the associated Kore cloudcredential

Options inherited from parent commands#

      --debug            Indicates we should use debug / trace logging (default: false)      --force            Used to force an operation to happen (default: false)      --no-wait          Indicates we should not wait for resources to provision  -o, --output string    Output format of the resource (json,yaml,table,template) (default "table")      --profile string   Use a profile other than your default for this command      --show-headers     Indicates we should display headers on table out (default true)  -t, --team string      The team you are operating within      --verbose          Enables verbose logging for debugging purposes (default: false)

SEE ALSO#

  • kore setup - Initialises dependencies required to run Kore
Last updated on Jun 24, 2021