Topic 1 Question 319
A company is using Amazon Elastic Kubernetes Service (Amazon EKS) to run its applications. The EKS cluster is successfully running multiple pods. The company stores the pod images in Amazon Elastic Container Registry (Amazon ECR).
The company needs to configure Pod Identity access for the EKS cluster. The company has already updated the node IAM role by using the permissions for Pod Identity access.
Which solution will meet these requirements?
Create an IAM OpenID Connect (OIDC) provider for the EKS cluster.
Ensure that the nodes can reach the EKS Auth API. Add and configure the EKS Pod Identity Agent add-on for the EKS cluster.
Create an EKS access entry that uses the API_AND-CONFIG_MAP cluster authentication mode.
Configure the AWS Security Token Service (AWS STS) endpoint for the Kubernetes service account that the pods in the EKS cluster use.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: B
Question is not talking about IRSA Pod identities do not need OIDC
👍 3CHRIS127222222024/12/28 - 正解だと思う選択肢: B
Pod Identity is a "new" way to provide Pod access to AWS services and does not rely on OIDC. Instead you have to setup the EKS Pod Identity Agent and must ensure kubernetes nodes can reach the EKS Auth API endpoint. https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html
👍 2pma172024/12/04 - 正解だと思う選択肢: B
question doesnt state the pods are using irsa so the eks addon should work just fine with pod identity
👍 2gildzeee2024/12/23
シャッフルモード