Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove storageSecretRef requirement for Medusa - support AWS IAM Roles for Service Accounts (IRSA) #1152

Closed
JBOClara opened this issue Dec 27, 2023 · 0 comments · Fixed by #1129
Labels
done Issues in the state 'done' enhancement New feature or request

Comments

@JBOClara
Copy link
Contributor

Issue Description:

What is missing?
Currently, the configuration of Medusa within the K8ssandra Operator requires the use of storageSecretRef even though it is marked as optional. This is problematic for setups that utilize AWS IAM Roles for Service Accounts (IRSA) as it necessitates the provision of a ~/.aws/credentials file to Medusa, which is not ideal or necessary when using IRSA.

Why do we need it?
To streamline the integration with AWS services and enhance security, we need the ability to configure Medusa to work with IRSA without the need for a storageSecretRef. This would allow Medusa to assume an IAM role and obtain temporary credentials directly from the AWS environment, eliminating the need to manage static credentials.

Anything else we need to know?:
This feature would greatly benefit users who are managing their Kubernetes clusters on AWS and are relying on the best practices for authentication by using IAM roles. It would also align with the AWS-recommended way of handling permissions for pods that require access to AWS resources.

@JBOClara JBOClara added the enhancement New feature or request label Dec 27, 2023
@github-project-automation github-project-automation bot moved this to Done in K8ssandra Feb 1, 2024
@adejanovski adejanovski added the done Issues in the state 'done' label Feb 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
done Issues in the state 'done' enhancement New feature or request
Projects
No open projects
Archived in project
Development

Successfully merging a pull request may close this issue.

2 participants