docs(guides): add crossplane with workload-identity guide #1047
Signed-off-by: Christopher Haar <christopher.haar@upbound.io>
✅ Deploy Preview for crossplane ready!
jbw976
left a comment
oh fun, lots of Vale errors to fix here too 😇
https://github.com/crossplane/docs/actions/runs/21406771389/job/61632748813?pr=1047
my agent was able to do pretty well at tackling these last time i had a bunch, it just needs to know how to run Vale locally so it can check if it's doing well, e.g.:
❯ vale --config="./utils/vale/.vale.ini" content/master/
jbw976
left a comment
Thanks @haarchri, this will be a very useful foundation to help guide people to set up this not too uncommon scenario for themselves - it will be appreciated.
This material looks reasonable enough with the caveat that I don't know this subject domain very well personally and I definitely didn't try out these instructions myself either.
Let's clean up the vale issues and copy to master and it should be good enough for me.
|
|
||
| Select your cloud provider below for detailed setup instructions: | ||
|
|
||
| {{< tabs >}} |
because the tabs were not rendered before in the TOC - something to think of in a future PR ... if we need to show content from the tabs in the TOC
…sions of docs Signed-off-by: Christopher Haar <christopher.haar@upbound.io>
|
|
||
| {{< hint "important" >}} | ||
| This guide configures the **Crossplane package manager** to pull packages from private registries. However, packages reference container images that run as separate pods (providers and functions). | ||
| {{% hint "important" %}} |
interesting that these < and > changed to %, all the other ones in the codebase are using the brackets < >. It looks like it still renders on the preview site, but that is different than the guidance the contributing guide gives
it looks like that change is all over the place here - do you want to global find/replace them back to < > so we are consistent across the entire docs site?
i was playing around to get the TOC working with tabs ...
| kubectl describe provider provider-aws-s3 | ||
| ``` | ||
|
|
||
| ##### Troubleshooting |
The troubleshooting section seems to be more indented than its children sections - Troubleshooting should have less # than its children like Failed to get authorization token, right?


This PR adds docs for configuring Crossplane to pull packages from private cloud provider container registries using Kubernetes Workload Identity.
Users frequently encounter issues when trying to use Crossplane with private container registries in managed Kubernetes environments like EKS, AKS, and GKE. While Crossplane already supports workload identity authentication, the setup process and prerequisites are not well documented. This leads to confusion and issue requests, as seen in crossplane/crossplane#6137.
The guide provides step-by-step instructions for configuring workload identity with Crossplane across AWS EKS with IAM Roles for Service Accounts and ECR, Azure AKS with Azure Workload Identity and ACR, and Google Cloud GKE with GKE Workload Identity and Artifact Registry.
This guide helps users leverage Crossplane's existing workload identity support without requiring static credentials or imagePullSecrets.