yunjiong zhao created FLINK-38987:
-------------------------------------

             Summary: Add RRSA (RAM Roles for Service Accounts) support for Flink OSS FileSystem
                 Key: FLINK-38987
                 URL: https://issues.apache.org/jira/browse/FLINK-38987
             Project: Flink
          Issue Type: Improvement
          Components: FileSystems
    Affects Versions: 2.1.1, 1.20.3
            Reporter: yunjiong zhao


We want to run Flink applications on Alibaba Cloud Kubernetes (ACK). Currently, 
flink-oss-fs-hadoop does not support RRSA (RAM Roles for Service Accounts), 
which is Alibaba Cloud's equivalent to AWS IRSA (IAM Roles for Service 
Accounts).

For security reasons, we need to use different service accounts to access 
different OSS buckets with granular, scoped permissions. Hard-coded access keys 
pose security risks and are forbidden by company policy.

Can we add RRSA support to flink-oss-fs-hadoop, enabling automatic, pod-level 
authentication using Kubernetes service accounts—similar to how Flink's S3 
connector works with AWS IRSA?
If yes, I can create a PR for the changes I made for testing in ACK.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
