You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@dlab.apache.org by "Vira Vitanska (JIRA)" <ji...@apache.org> on 2019/05/23 12:54:00 UTC

[jira] [Created] (DLAB-701) Legion pods authentication with IAM roles at GCP

Vira Vitanska created DLAB-701:
----------------------------------

             Summary: Legion pods authentication with IAM roles at GCP
                 Key: DLAB-701
                 URL: https://issues.apache.org/jira/browse/DLAB-701
             Project: Apache DLab
          Issue Type: Task
          Components: Legion
            Reporter: Vira Vitanska
            Assignee: Dmitriy Karbyshev
             Fix For: v.2.2


As a Developer I would like to be able to authorize legion components such as fluentd with iam roles specific to the component so I don't have to setup predefined keys in configs.

Details:
We have kube2iam implementation at K8S cluster at AWS which provides AWS credentials to the PODs from EC2 Metadata. We need to implement the same feature at GKE cluster as well.
As for now we grant access to fluentd, airflow and jenkins which store data at per cluster s3 bucket.
The same approach should be transferred to GCP and automated with terraform.

AC:
 * kube2iam analog for GCP is implemented with terraform
 * required IAM roles and policies are implemented with terraform
 * fluentd, legion models, jenkins, airflow can get access to GCS storage with IAM roles



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@dlab.apache.org
For additional commands, e-mail: dev-help@dlab.apache.org