Vira Vitanska created DLAB-701:
----------------------------------
Summary: Legion pods authentication with IAM roles at GCP
Key: DLAB-701
URL: https://issues.apache.org/jira/browse/DLAB-701
Project: Apache DLab
Issue Type: Task
Components: Legion
Reporter: Vira Vitanska
Assignee: Dmitriy Karbyshev
Fix For: v.2.2
As a Developer I would like to be able to authorize legion components such as
fluentd with iam roles specific to the component so I don't have to setup
predefined keys in configs.
Details:
We have kube2iam implementation at K8S cluster at AWS which provides AWS
credentials to the PODs from EC2 Metadata. We need to implement the same
feature at GKE cluster as well.
As for now we grant access to fluentd, airflow and jenkins which store data at
per cluster s3 bucket.
The same approach should be transferred to GCP and automated with terraform.
AC:
* kube2iam analog for GCP is implemented with terraform
* required IAM roles and policies are implemented with terraform
* fluentd, legion models, jenkins, airflow can get access to GCS storage with
IAM roles
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
