Native K8S IAM Role?
Hi, How do we attach an IAM role to the native K8S sessions? Typically for our other pods we use the following in our yamls: spec: template: metadata: annotations: iam.amazonaws.com/role: ROLE_ARN Best kevin
Re: Native K8S IAM Role?
(via https://github.com/jtblin/kube2iam ) On 2020/06/25 19:08:41, "Bohinski, Kevin" mailto:k...@comcast.com>> wrote: > Hi,> > > > > How do we attach an IAM role to the native K8S sessions?> > > > > Typically for our other pods we use the following in our yamls:> > > spec:> > > template:> > > metadata:> > > annotations:> > > iam.amazonaws.com/role: ROLE_ARN> > > > > Best> > > kevin> > > Best, kevin
Re: Native K8S IAM Role?
Hi kevin, If you mean to add annotations for Flink native K8s session pods, you could use "kubernetes.jobmanager.annotations" and "kubernetes.taskmanager.annotations"[1]. However, they are only supported from release-1.11. Maybe you could wait for a little bit more time, 1.11 will be released soon. And we add more features for native K8s integration in 1.11 (e.g. application mode, label, annotation, toleration, etc.). [1]. https://ci.apache.org/projects/flink/flink-docs-master/ops/config.html#kubernetes Best, Yang Bohinski, Kevin 于2020年6月26日周五 上午3:09写道: > Hi, > > > > How do we attach an IAM role to the native K8S sessions? > > > > Typically for our other pods we use the following in our yamls: > > spec: > > template: > > metadata: > > annotations: > > iam.amazonaws.com/role: ROLE_ARN > > > > Best > > kevin >
Re: [EXTERNAL] Re: Native K8S IAM Role?
Hi Yang, Awesome, looking forward to 1.11! In the meantime, we are using a mutating web hook in case anyone else is facing this... Best, kevin From: Yang Wang Date: Saturday, June 27, 2020 at 11:23 PM To: "Bohinski, Kevin" Cc: "user@flink.apache.org" Subject: [EXTERNAL] Re: Native K8S IAM Role? Hi kevin, If you mean to add annotations for Flink native K8s session pods, you could use "kubernetes.jobmanager.annotations" and "kubernetes.taskmanager.annotations"[1]. However, they are only supported from release-1.11. Maybe you could wait for a little bit more time, 1.11 will be released soon. And we add more features for native K8s integration in 1.11 (e.g. application mode, label, annotation, toleration, etc.). [1]. https://ci.apache.org/projects/flink/flink-docs-master/ops/config.html#kubernetes<https://urldefense.com/v3/__https:/ci.apache.org/projects/flink/flink-docs-master/ops/config.html*kubernetes__;Iw!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplLVN6GdDQ$> Best, Yang Bohinski, Kevin mailto:kevin_bohin...@comcast.com>> 于2020年6月26日周五 上午3:09写道: Hi, How do we attach an IAM role to the native K8S sessions? Typically for our other pods we use the following in our yamls: spec: template: metadata: annotations: iam.amazonaws.com/role<https://urldefense.com/v3/__http:/iam.amazonaws.com/role__;!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplKlhJ55SA$>: ROLE_ARN Best kevin
Re: [EXTERNAL] Re: Native K8S IAM Role?
Using a webhook is really a good direction to support some unreleased Flink native k8s features. We are doing the same thing internally. Best, Yang Bohinski, Kevin 于2020年6月29日周一 上午3:09写道: > Hi Yang, > > > > Awesome, looking forward to 1.11! > > In the meantime, we are using a mutating web hook in case anyone else is > facing this... > > > > Best, > > kevin > > > > > > *From: *Yang Wang > *Date: *Saturday, June 27, 2020 at 11:23 PM > *To: *"Bohinski, Kevin" > *Cc: *"user@flink.apache.org" > *Subject: *[EXTERNAL] Re: Native K8S IAM Role? > > > > Hi kevin, > > > > If you mean to add annotations for Flink native K8s session pods, you > could use "kubernetes.jobmanager.annotations" > > and "kubernetes.taskmanager.annotations"[1]. However, they are only > supported from release-1.11. Maybe you could > > wait for a little bit more time, 1.11 will be released soon. And we add > more features for native K8s integration in 1.11 > > (e.g. application mode, label, annotation, toleration, etc.). > > > > > > [1]. > https://ci.apache.org/projects/flink/flink-docs-master/ops/config.html#kubernetes > <https://urldefense.com/v3/__https:/ci.apache.org/projects/flink/flink-docs-master/ops/config.html*kubernetes__;Iw!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplLVN6GdDQ$> > > > > Best, > > Yang > > > > Bohinski, Kevin 于2020年6月26日周五 上午3:09写道: > > Hi, > > > > How do we attach an IAM role to the native K8S sessions? > > > > Typically for our other pods we use the following in our yamls: > > spec: > > template: > > metadata: > > annotations: > > iam.amazonaws.com/role > <https://urldefense.com/v3/__http:/iam.amazonaws.com/role__;!!CQl3mcHX2A!ULDBt0kuUlwSJPYMoWXSBl4cXonhzeMiAFpUtVsP4Am1G77FpT6rl8o35FxdplKlhJ55SA$>: > ROLE_ARN > > > > Best > > kevin > >
