You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@dlab.apache.org by "Vira Vitanska (JIRA)" <ji...@apache.org> on 2019/05/23 12:54:00 UTC
[jira] [Created] (DLAB-701) Legion pods authentication with IAM
roles at GCP
Vira Vitanska created DLAB-701:
----------------------------------
Summary: Legion pods authentication with IAM roles at GCP
Key: DLAB-701
URL: https://issues.apache.org/jira/browse/DLAB-701
Project: Apache DLab
Issue Type: Task
Components: Legion
Reporter: Vira Vitanska
Assignee: Dmitriy Karbyshev
Fix For: v.2.2
As a Developer I would like to be able to authorize legion components such as fluentd with iam roles specific to the component so I don't have to setup predefined keys in configs.
Details:
We have kube2iam implementation at K8S cluster at AWS which provides AWS credentials to the PODs from EC2 Metadata. We need to implement the same feature at GKE cluster as well.
As for now we grant access to fluentd, airflow and jenkins which store data at per cluster s3 bucket.
The same approach should be transferred to GCP and automated with terraform.
AC:
* kube2iam analog for GCP is implemented with terraform
* required IAM roles and policies are implemented with terraform
* fluentd, legion models, jenkins, airflow can get access to GCS storage with IAM roles
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@dlab.apache.org
For additional commands, e-mail: dev-help@dlab.apache.org