Yes I looked at kube2iam, I haven't experimented with it. Given that the service account has access to S3, shouldn't we have a simpler mechanism to connect to underlying resources based on the service account authorization?
On Sat, Apr 3, 2021, 10:10 PM Austin Cawley-Edwards <austin.caw...@gmail.com> wrote: > Hi Swagat, > > I’ve used kube2iam[1] for granting AWS access to Flink pods in the past > with good results. It’s all based on mapping pod annotations to AWS IAM > roles. Is this something that might work for you? > > Best, > Austin > > [1]: https://github.com/jtblin/kube2iam > > On Sat, Apr 3, 2021 at 10:40 AM Swagat Mishra <swaga...@gmail.com> wrote: > >> No we are running on aws. The mechanisms supported by flink to connect to >> resources like S3, need us to make changes that will impact all services, >> something that we don't want to do. So providing the aws secret key ID and >> passcode upfront or iam rules where it connects by executing curl/ http >> calls to connect to S3 , don't work for me. >> >> I want to be able to connect to S3, using aws Api's and if that >> connection can be leveraged by the presto library, that is what I am >> looking for. >> >> Regards, >> Swagat >> >> >> On Sat, Apr 3, 2021, 7:37 PM Israel Ekpo <israele...@gmail.com> wrote: >> >>> Are you running on Azure Kubernetes Service. >>> >>> You should be able to do it because the identity can be mapped to the >>> labels of the pods not necessary Flink. >>> >>> On Sat, Apr 3, 2021 at 6:31 AM Swagat Mishra <swaga...@gmail.com> wrote: >>> >>>> Hi, >>>> >>>> I think flink doesn't support pod identity, any plans tk achieve it in >>>> any subsequent release. >>>> >>>> Regards, >>>> Swagat >>>> >>>> >>>>