Posted to dev@dlab.apache.org by "Dmitriy Karbyshev (JIRA)" <ji...@apache.org> on 2019/05/27 12:36:00 UTC

[jira] [Commented] (DLAB-701) Legion pods authentication with IAM roles at GCP

    [ https://issues.apache.org/jira/browse/DLAB-701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16848896#comment-16848896 ] 

Dmitriy Karbyshev commented on DLAB-701:
----------------------------------------

Implemented Terraform for Google Cloud IAM role, Helm chart for kube-google-iam, updated fluentd config. ToDo: do final tests, cleanup, push and create MRs.

> Legion pods authentication with IAM roles at GCP
> ------------------------------------------------
>
>                 Key: DLAB-701
>                 URL: https://issues.apache.org/jira/browse/DLAB-701
>             Project: Apache DLab
>          Issue Type: Task
>          Components: Legion
>            Reporter: Vira Vitanska
>            Assignee: Dmitriy Karbyshev
>            Priority: Major
>              Labels: 1.1.0, K8S_to_PaaS, feature
>             Fix For: v.2.2
>
>
> As a Developer I would like to be able to authorize Legion components such as fluentd with IAM roles specific to the component so I don't have to set up predefined keys in configs.
> Details:
> We have a kube2iam implementation on the K8S cluster at AWS which provides AWS credentials to the pods from EC2 metadata. We need to implement the same feature on the GKE cluster as well.
> As of now we grant access to fluentd, airflow and jenkins, which store data in a per-cluster S3 bucket.
> The same approach should be transferred to GCP and automated with terraform.
> AC:
>  * kube2iam analog for GCP is implemented with terraform
>  * required IAM roles and policies are implemented with terraform
>  * fluentd, legion models, jenkins, airflow can get access to GCS storage with IAM roles


