You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@flink.apache.org by "Bohinski, Kevin" <Ke...@comcast.com> on 2020/06/28 19:09:37 UTC
Re: [EXTERNAL] Re: Native K8S IAM Role?
Hi Yang,
Awesome, looking forward to 1.11!
In the meantime, we are using a mutating web hook in case anyone else is facing this...
Best,
kevin
From: Yang Wang <da...@gmail.com>
Date: Saturday, June 27, 2020 at 11:23 PM
To: "Bohinski, Kevin" <Ke...@comcast.com>
Cc: "user@flink.apache.org" <us...@flink.apache.org>
Subject: [EXTERNAL] Re: Native K8S IAM Role?
Hi kevin,
If you mean to add annotations for Flink native K8s session pods, you could use "kubernetes.jobmanager.annotations"
and "kubernetes.taskmanager.annotations"[1]. However, they are only supported from release-1.11. Maybe you could
wait for a little bit more time, 1.11 will be released soon. And we add more features for native K8s integration in 1.11
(e.g. application mode, label, annotation, toleration, etc.).
[1]. https://ci.apache.org/projects/flink/flink-docs-master/ops/config.html#kubernetes<https://urldefense.com/v3/__https:/ci.apache.org/projects/flink/flink-docs-master/ops/config.html*kubernetes__;Iw!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplLVN6GdDQ$>
Best,
Yang
Bohinski, Kevin <Ke...@comcast.com>> 于2020年6月26日周五 上午3:09写道:
Hi,
How do we attach an IAM role to the native K8S sessions?
Typically for our other pods we use the following in our yamls:
spec:
template:
metadata:
annotations:
iam.amazonaws.com/role<https://urldefense.com/v3/__http:/iam.amazonaws.com/role__;!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplKlhJ55SA$>: ROLE_ARN
Best
kevin
Re: [EXTERNAL] Re: Native K8S IAM Role?
Posted by Yang Wang <da...@gmail.com>.
Using a webhook is really a good direction to support some unreleased Flink
native
k8s features. We are doing the same thing internally.
Best,
Yang
Bohinski, Kevin <Ke...@comcast.com> 于2020年6月29日周一 上午3:09写道:
> Hi Yang,
>
>
>
> Awesome, looking forward to 1.11!
>
> In the meantime, we are using a mutating web hook in case anyone else is
> facing this...
>
>
>
> Best,
>
> kevin
>
>
>
>
>
> *From: *Yang Wang <da...@gmail.com>
> *Date: *Saturday, June 27, 2020 at 11:23 PM
> *To: *"Bohinski, Kevin" <Ke...@comcast.com>
> *Cc: *"user@flink.apache.org" <us...@flink.apache.org>
> *Subject: *[EXTERNAL] Re: Native K8S IAM Role?
>
>
>
> Hi kevin,
>
>
>
> If you mean to add annotations for Flink native K8s session pods, you
> could use "kubernetes.jobmanager.annotations"
>
> and "kubernetes.taskmanager.annotations"[1]. However, they are only
> supported from release-1.11. Maybe you could
>
> wait for a little bit more time, 1.11 will be released soon. And we add
> more features for native K8s integration in 1.11
>
> (e.g. application mode, label, annotation, toleration, etc.).
>
>
>
>
>
> [1].
> https://ci.apache.org/projects/flink/flink-docs-master/ops/config.html#kubernetes
> <https://urldefense.com/v3/__https:/ci.apache.org/projects/flink/flink-docs-master/ops/config.html*kubernetes__;Iw!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplLVN6GdDQ$>
>
>
>
> Best,
>
> Yang
>
>
>
> Bohinski, Kevin <Ke...@comcast.com> 于2020年6月26日周五 上午3:09写道:
>
> Hi,
>
>
>
> How do we attach an IAM role to the native K8S sessions?
>
>
>
> Typically for our other pods we use the following in our yamls:
>
> spec:
>
> template:
>
> metadata:
>
> annotations:
>
> iam.amazonaws.com/role
> <https://urldefense.com/v3/__http:/iam.amazonaws.com/role__;!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplKlhJ55SA$>:
> ROLE_ARN
>
>
>
> Best
>
> kevin
>
>