[
https://issues.apache.org/jira/browse/FLINK-38987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maximilian Michels reassigned FLINK-38987:
------------------------------------------
Assignee: yunjiong zhao
> Add RRSA (RAM Roles for Service Accounts) support for Flink OSS FileSystem
> --------------------------------------------------------------------------
>
> Key: FLINK-38987
> URL: https://issues.apache.org/jira/browse/FLINK-38987
> Project: Flink
> Issue Type: Improvement
> Components: FileSystems
> Affects Versions: 1.20.3, 2.1.1
> Reporter: yunjiong zhao
> Assignee: yunjiong zhao
> Priority: Major
>
> We want to run Flink applications on Alibaba Cloud Kubernetes (ACK).
> Currently, flink-oss-fs-hadoop does not support RRSA (RAM Roles for Service
> Accounts), which is Alibaba Cloud's equivalent to AWS IRSA (IAM Roles for
> Service Accounts).
> For security reasons, we need to use different service accounts to access
> different OSS buckets with granular, scoped permissions. Hard-coded access
> keys pose security risks and are forbidden to use by company policy.
> Can we add RRSA support to flink-oss-fs-hadoop, enabling automatic, pod-level
> authentication using Kubernetes service accounts—similar to how Flink's S3
> connector works with AWS IRSA?
> If yes, I can create a PR for the changes I made for testing in ACK.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
