Open
Description
Hi,
I've been looking for efficient ways to install k8s on AWS recently, and kops is really awsome, thank you for doing this.
I noticed that kops docs suggests to perform the installation with *FullAccess policies, which is forbidden in the company I'm working for.
Do you think it's possible to provide or figure the explicit write Actions or Operations easily during kops installing the k8s cluster?
i.e. below is the write actions I summarised for installing k8s on Existing VPC and Subnets
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:CreateInstanceProfile",
"iam:CreateRole",
"iam:AddRoleToInstanceProfile",
"iam:PutRolePolicy",
"iam:DeleteRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:DeleteRole",
"iam:DeleteInstanceProfile",
"iam:PassRole"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateKeyPair",
"ec2:DeleteKeyPair",
"ec2:ImportKeyPair",
"ec2:TerminateInstances",
"ec2:CreateVolume",
"ec2:DeleteVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:CreateTags"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"autoscaling:AttachLoadBalancers",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:CreateLaunchConfiguration"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:ModifyLoadBalancerAttributes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": "*"
}
]
}