How do I add annotations to a Kubernetes service account for pod identity?

In this guide, we demonstrate how to add annotations to a Kubernetes service account for pod identity using Pulumi. On Amazon EKS, the "eks.amazonaws.com/role-arn" annotation associates a Kubernetes service account with an IAM role, so that pods running under that service account can assume the role and access AWS resources securely.

Key Points:

  • Define a Kubernetes namespace.
  • Create a Kubernetes service account.
  • Add annotations to the service account for pod identity.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define a Kubernetes namespace
const namespace = new k8s.core.v1.Namespace("example-namespace", {
    metadata: {
        name: "example-namespace",
    },
});

// Create a Kubernetes service account
const serviceAccount = new k8s.core.v1.ServiceAccount("example-service-account", {
    metadata: {
        name: "example-service-account",
        namespace: namespace.metadata.name,
        annotations: {
            "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/ExampleRole",
        },
    },
});

// Export the service account name
export const serviceAccountName = serviceAccount.metadata.name;

Summary

In this guide, we created a Kubernetes namespace and a service account within that namespace. We then added annotations to the service account to associate it with an IAM role for pod identity. This setup allows pods using this service account to assume the specified IAM role and securely access AWS resources.
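
The annotation only names the role; whether a pod can actually assume it is decided by the role's trust policy in IAM, which should match this one namespace and service account exactly. As an added example (not Pulumi's code), the TypeScript below builds such a trust policy for the service account above and audits a policy for looser matching. Assumptions: the OIDC issuer host you pass in is your cluster's (any value shown with it is a placeholder), the function names are hypothetical, and each statement's Action is a single string.

```typescript
type Conditions = Record<string, Record<string, string>>;
interface Statement {
    Effect: string;
    Principal: { Federated: string };
    Action: string;
    Condition?: Conditions;
}
interface TrustPolicy { Version: string; Statement: Statement[] }

// Build a trust policy that only the named service account can satisfy.
function irsaTrustPolicy(accountId: string, issuer: string, ns: string, sa: string): TrustPolicy {
    return {
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: { Federated: `arn:aws:iam::${accountId}:oidc-provider/${issuer}` },
            Action: "sts:AssumeRoleWithWebIdentity",
            Condition: {
                StringEquals: {
                    [`${issuer}:sub`]: `system:serviceaccount:${ns}:${sa}`,
                    [`${issuer}:aud`]: "sts.amazonaws.com",
                },
            },
        }],
    };
}

// Return findings for statements that let other service accounts assume the role.
function auditTrustPolicy(policy: TrustPolicy, issuer: string, ns: string, sa: string): string[] {
    const findings: string[] = [];
    const wantSub = `system:serviceaccount:${ns}:${sa}`;
    policy.Statement.forEach((st, i) => {
        if (st.Effect !== "Allow" || st.Action !== "sts:AssumeRoleWithWebIdentity") return;
        const exact: Record<string, string> = st.Condition?.StringEquals ?? {};
        const like: Record<string, string> = st.Condition?.StringLike ?? {};
        const sub = exact[`${issuer}:sub`];
        if (sub === undefined) {
            const loose = like[`${issuer}:sub`];
            findings.push(loose !== undefined
                ? `statement ${i}: sub matched with StringLike "${loose}"`
                : `statement ${i}: no sub condition, any service account in the cluster qualifies`);
        } else if (sub !== wantSub) {
            findings.push(`statement ${i}: sub is "${sub}", expected "${wantSub}"`);
        }
        if (exact[`${issuer}:aud`] !== "sts.amazonaws.com") {
            findings.push(`statement ${i}: aud not pinned to sts.amazonaws.com`);
        }
    });
    return findings;
}
```

An empty result from auditTrustPolicy means the role is assumable only by example-service-account in example-namespace; any finding is worth fixing before the annotation is deployed.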
