RRSA (RamRoleforServiceAccount) support for Alibaba Cloud #5019
Comments
NIZ-elsevier
added
the
kind/feature
|
Hi Niz, this project is primarily community-maintained. Implementing this feature might require in-depth knowledge of Alibaba Cloud, which could be challenging for us. Would you be willing to submit a pull request? |
|
Hi @ivankatliarchuk, thank you for your quick reply. I am contacting with the vendor Alibaba Cloud about this, see if they can help us to provide the feature, as they know the best of RRSA. We are the end user of the product. If we have the capacity, we will definitely consider contributing to the project ourselves. |
|
/help |
|
@ivankatliarchuk: GuidelinesPlease ensure that the issue body includes answers to the following questions:
For more details on the requirements of such an issue, please see here and ensure that they are met. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
help wanted
What would you like to be added: RRSA (RamRoleforServiceAccount) authentication support for Alibaba Cloud
Why is this needed:
Similar to IRSA in AWS, applications in a Pod’s containers can make requests to Alicloud APIs with dedicated roles to the service account. This will allow the external dns pod to use the service account to get the credentials from the RAM role, not using the worker node instance role anymore, which is a much more secured approach.
As now Alicloud has provided wider support of RRSA, I would like to request the same feature for
external-dns, following other components such as ack-secret-manager.The similar issue was raised here. The vendor is instructing me to raise it again.
The text was updated successfully, but these errors were encountered: