kube2iam

Identify AWS IAM permissions by brute-forcing API calls.

How to Provide IAM Credentials to Containers in Kubernetes

IAM credentials are provided to containers running in a Kubernetes cluster through Kubernetes annotations. Kube2iam is a solution that redirects traffic that Docker containers send to the EC2 metadata API to a dedicated container on each instance. That container calls the AWS API to retrieve temporary credentials and returns them to the original requester.

This container must have the appropriate permissions

This container must itself hold IAM permissions sufficient to call the AWS API and obtain the temporary credentials on behalf of the requesting pod; if it does not, the credential request fails.

The solution is to redirect traffic to retrieve credentials

The solution redirects the traffic that Docker containers send to the EC2 metadata API to a container running on each instance. That container calls the AWS API to obtain temporary credentials and returns them to the original caller. All other metadata requests are proxied unchanged to the EC2 metadata API.
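As an added illustration (not code from this page or from the kube2iam project), the manifests below show how the annotation-based flow described above fits together: a namespace annotation restricts which roles pods in it may request, and a pod annotation names the role the per-node container should obtain credentials for. The annotation keys iam.amazonaws.com/allowed-roles and iam.amazonaws.com/role are the ones kube2iam documents; the account ID, role names, namespace and image are placeholders.

```yaml
# Added example, not part of the original page or the kube2iam project.
# Account ID 123456789012, the role names and the image are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  annotations:
    # Only roles matching these patterns may be requested by pods in this
    # namespace; requests for any other role are refused by the node agent.
    iam.amazonaws.com/allowed-roles: |
      ["arn:aws:iam::123456789012:role/payments-*"]
---
apiVersion: v1
kind: Pod
metadata:
  name: payments-worker
  namespace: payments
  annotations:
    # When this pod queries 169.254.169.254 for IAM credentials, the
    # redirected request is answered with temporary credentials for this
    # role instead of the node's own instance-role credentials.
    iam.amazonaws.com/role: arn:aws:iam::123456789012:role/payments-worker
spec:
  containers:
    - name: app
      image: example.invalid/payments-worker:1.0   # placeholder image
```

Two checks a practitioner should make when deploying this pattern: the per-node container runs with the instance's own role, so that role must be allowed to assume every role pods may request (otherwise the credential call fails, as the text above notes); and the redirect only protects pods whose metadata traffic actually passes through it, so pods granted host networking should be restricted by admission policy, since their requests bypass the redirect and reach the real metadata endpoint.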