Can you describe your setup a little bit more? And perhaps how you use this setup to grant access to other non-Flink pods?

On Sat, Apr 3, 2021 at 2:29 PM Swagat Mishra <swaga...@gmail.com> wrote:

> Yes I looked at kube2iam, I haven't experimented with it.
>
> Given that the service account has access to S3, shouldn't we have a
> simpler mechanism to connect to underlying resources based on the service
> account authorization?
>
> On Sat, Apr 3, 2021, 10:10 PM Austin Cawley-Edwards <
> austin.caw...@gmail.com> wrote:
>
>> Hi Swagat,
>>
>> I’ve used kube2iam[1] for granting AWS access to Flink pods in the past
>> with good results. It’s all based on mapping pod annotations to AWS IAM
>> roles. Is this something that might work for you?
>>
>> Best,
>> Austin
>>
>> [1]: https://github.com/jtblin/kube2iam
>>
>> On Sat, Apr 3, 2021 at 10:40 AM Swagat Mishra <swaga...@gmail.com> wrote:
>>
>>> No we are running on aws. The mechanisms supported by flink to connect
>>> to resources like S3, need us to make changes that will impact all
>>> services, something that we don't want to do. So providing the aws secret
>>> key ID and passcode upfront or iam rules where it connects by executing
>>> curl/ http calls to connect to S3 , don't work for me.
>>>
>>> I want to be able to connect to S3, using aws Api's and if that
>>> connection can be leveraged by the presto library, that is what I am
>>> looking for.
>>>
>>> Regards,
>>> Swagat
>>>
>>> On Sat, Apr 3, 2021, 7:37 PM Israel Ekpo <israele...@gmail.com> wrote:
>>>
>>>> Are you running on Azure Kubernetes Service?
>>>>
>>>> You should be able to do it because the identity can be mapped to the
>>>> labels of the pods not necessarily Flink.
>>>>
>>>> On Sat, Apr 3, 2021 at 6:31 AM Swagat Mishra <swaga...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I think flink doesn't support pod identity, any plans to achieve it in
>>>>> any subsequent release?
>>>>>
>>>>> Regards,
>>>>> Swagat