[ https://issues.apache.org/jira/browse/DLAB-701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vira Vitanska updated DLAB-701: ------------------------------- Labels: 1.1.0 K8S_to_PaaS feature (was: K8S_to_PaaS feature) > Legion pods authentication with IAM roles at GCP > ------------------------------------------------ > > Key: DLAB-701 > URL: https://issues.apache.org/jira/browse/DLAB-701 > Project: Apache DLab > Issue Type: Task > Components: Legion > Reporter: Vira Vitanska > Assignee: Dmitriy Karbyshev > Priority: Major > Labels: 1.1.0, K8S_to_PaaS, feature > Fix For: v.2.2 > > > As a Developer I would like to be able to authorize legion components such as > fluentd with iam roles specific to the component so I don't have to setup > predefined keys in configs. > Details: > We have kube2iam implementation at K8S cluster at AWS which provides AWS > credentials to the PODs from EC2 Metadata. We need to implement the same > feature at GKE cluster as well. > As for now we grant access to fluentd, airflow and jenkins which store data > at per cluster s3 bucket. > The same approach should be transferred to GCP and automated with terraform. > AC: > * kube2iam analog for GCP is implemented with terraform > * required IAM roles and policies are implemented with terraform > * fluentd, legion models, jenkins, airflow can get access to GCS storage > with IAM roles -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@dlab.apache.org For additional commands, e-mail: dev-h...@dlab.apache.org