Passwordless Access for Amazon EKS
Configure AWS AssumeRole and JFrog Registry Operator for passwordless EKS cluster authentication without stored secrets.
A new Kubernetes kubelet credential provider has been introduced for Amazon EKS, Azure AKS and Google GKE. It enables seamless, passwordless authentication with JFrog Artifactory for container image pulls, eliminating the need for manual image pull secret management.
For more information, see JFrog Credentials Provider.
JFrog Platform can leverage AWS AssumeRole to provide a passwordless access experience in Amazon EKS. AssumeRole authentication allows AWS users to use roles assigned to them to create temporary authentication tokens that can be used in the JFrog Platform.
AWS AssumeRole includes a set of temporary credentials that grant access to AWS resources that you might not have access to otherwise. These temporary credentials consist of an access key ID, a secret access key, and a session token. These short-lived secrets are stored in the Docker repository.
When you configure passwordless access with AWS AssumeRole, you can download and upload artifacts from a Docker repository without creating and rotating secrets or storing them in the Docker repository. This improves Docker repository security by using non-refreshable, short-lived tokens to pull and push Docker images, without exposing any admin master keys for rotation.
The system does not send your secret access key at any time and instead uses AWS SigV4A capabilities. No AWS secrets are sent outside of the EKS system.
You must provision permissions in the EKS cluster before you proceed with the configuration.
AWS EKS Requirements
EC2 nodes in the cluster must be t2.medium or higher.
To configure passwordless access, complete the following tasks.
**Follow one of the following methods:**
- For a single-step installation, follow the Terraform approach to set up a complete JFrog Registry Operator.
or complete the following tasks:
- Configure the EKS Cluster with the AWS policy and IAM role
- Configure JFrog Platform for Passwordless Access to EKS
- Install the JFrog Registry Operator in EKS
Permissions for Passwordless Access to EKS Cluster
The Helm charts for the JFrog Registry operator create the required permissions in the EKS cluster before you continue with the configuration process.
EKS Cluster Configuration with AWS Policy and IAM Role
Configure an Amazon EKS cluster with the required AWS IAM policy and role to enable passwordless access for JFrog Platform services running in Kubernetes.
Platform Passwordless Access Configuration for EKS
Configure the JFrog Platform with the information required after completing the passwordless access configuration in the EKS platform.
Registry Operator Installation in EKS
Install the JFrog Registry Operator in an Amazon EKS cluster to enable passwordless authentication between Kubernetes workloads and JFrog Artifactory.
Updated 8 days ago
