You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is missing?
Currently, the configuration of Medusa within the K8ssandra Operator requires the use of storageSecretRef even though it is marked as optional. This is problematic for setups that utilize AWS IAM Roles for Service Accounts (IRSA) as it necessitates the provision of a ~/.aws/credentials file to Medusa, which is not ideal or necessary when using IRSA.
Why do we need it?
To streamline the integration with AWS services and enhance security, we need the ability to configure Medusa to work with IRSA without the need for a storageSecretRef. This would allow Medusa to assume an IAM role and obtain temporary credentials directly from the AWS environment, eliminating the need to manage static credentials.
Anything else we need to know?:
This feature would greatly benefit users who are managing their Kubernetes clusters on AWS and are relying on the best practices for authentication by using IAM roles. It would also align with the AWS-recommended way of handling permissions for pods that require access to AWS resources.
The text was updated successfully, but these errors were encountered:
Issue Description:
What is missing?
Currently, the configuration of Medusa within the K8ssandra Operator requires the use of
storageSecretRef
even though it is marked as optional. This is problematic for setups that utilize AWS IAM Roles for Service Accounts (IRSA) as it necessitates the provision of a~/.aws/credentials
file to Medusa, which is not ideal or necessary when using IRSA.Why do we need it?
To streamline the integration with AWS services and enhance security, we need the ability to configure Medusa to work with IRSA without the need for a
storageSecretRef
. This would allow Medusa to assume an IAM role and obtain temporary credentials directly from the AWS environment, eliminating the need to manage static credentials.Anything else we need to know?:
This feature would greatly benefit users who are managing their Kubernetes clusters on AWS and are relying on the best practices for authentication by using IAM roles. It would also align with the AWS-recommended way of handling permissions for pods that require access to AWS resources.
The text was updated successfully, but these errors were encountered: