[
https://issues.apache.org/jira/browse/DLAB-701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868425#comment-16868425
]
Dmitriy Karbyshev commented on DLAB-701:
----------------------------------------
Legion PR:
[https://github.com/legion-platform/legion/pull/914]
> Legion pods authentication with IAM roles at GCP
> ------------------------------------------------
>
> Key: DLAB-701
> URL: https://issues.apache.org/jira/browse/DLAB-701
> Project: Apache DLab
> Issue Type: Task
> Components: Legion
> Reporter: Vira Vitanska
> Assignee: Dmitriy Karbyshev
> Priority: Major
> Labels: 1.1.0, K8S_to_PaaS, feature
> Fix For: v.2.2
>
>
> As a Developer I would like to be able to authorize legion components such as
> fluentd with iam roles specific to the component so I don't have to setup
> predefined keys in configs.
> Details:
> We have kube2iam implementation at K8S cluster at AWS which provides AWS
> credentials to the PODs from EC2 Metadata. We need to implement the same
> feature at GKE cluster as well.
> As for now we grant access to fluentd, airflow and jenkins which store data
> at per cluster s3 bucket.
> The same approach should be transferred to GCP and automated with terraform.
> AC:
> * kube2iam analog for GCP is implemented with terraform
> * required IAM roles and policies are implemented with terraform
> * fluentd, legion models, jenkins, airflow can get access to GCS storage
> with IAM roles
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
