Multi-primary auth in AWS EKS

dampcake · October 19, 2022, 8:27pm

When using istioctl x create-remote-secret it seems to get a token that only lasts ~15 minutes. I have tried manually updating the secret with an exec block to call aws eks get-token but it seems to be blocked as I see an error like:

2022-10-19T17:09:35.780714Z	error	Updating cluster_id=cluster1 from secret=istio-system/istio-remote-secret-cluster1: kubeconfig is not allowed: exec is not allowed

Not sure if anyone has run into this and found a workaround. Searching hasn’t come up with much.

dampcake · October 20, 2022, 4:36pm

Okay this was my own fault. I was creating this secret manually using the token from a Terraform EKS module which was short lived. After getting the token from the service account like the command does it’s working.

Topic		Replies	Views
Access istio/k8s service via HTTPS Security	0	490	December 8, 2019
Authentication Policy issues Security	1	832	February 5, 2019
Istio with API Gateway using Mutual TLS - Key Rotation requires downtime Security security	1	695	April 26, 2022
Aurora Postgres authentication using istio	0	215	September 25, 2023
Keycloak Istio Ingress Gateway	2	1934	July 8, 2023

Multi-primary auth in AWS EKS

Related Topics