clusterpedia
Support for IAM external database authentication
What would you like to be added?
Modern cloud providers are pushing people towards IAM-based authentication (away from managing passwords) for all services. AWS RDS and GCP Cloud SQL support IAM authentication for their Postgres and MySQL databases.
Can we discuss allowing Clusterpedia to use role-based authentication for external storage?
Ideally, I could assign a K8s Service Account (SA) to the relevant Clusterpedia Pods, allowing the pod to assume an IAM role allowing access to the DB. AWS Docs:
- https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html
- https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
Separately, it would be nice if the cluster.clusterpedia.io/v1alpha2 resource did not require caData or tokenData itself and could also use K8s Service Accounts to gain access to cluster resources.
Why is this needed?
This would significantly improve the security posture of running Clusterpedia.
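The AWS wiring the request above describes (EKS IAM Roles for Service Accounts plus RDS IAM database authentication), as an added example that is not part of the original issue or the Clusterpedia project's manifests. Assumptions: the ServiceAccount, role and database user names, the `clusterpedia-system` namespace, the account ID and every `<...>` value are placeholders.

```yaml
# Added illustration; all names and IDs below are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: clusterpedia-storage          # hypothetical name
  namespace: clusterpedia-system      # assumed install namespace
  annotations:
    # Pods using this SA get a projected web-identity token that the
    # AWS SDK exchanges for temporary credentials of this role.
    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/clusterpedia-rds-connect
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: clusterpedia-apiserver
  namespace: clusterpedia-system
spec:
  selector:
    matchLabels: {app: clusterpedia-apiserver}
  template:
    metadata:
      labels: {app: clusterpedia-apiserver}
    spec:
      serviceAccountName: clusterpedia-storage   # binds the pod to the role above
      containers:
        - name: apiserver
          image: <clusterpedia-apiserver-image>
# No database password appears in a Secret or ConfigMap; the component
# would request a short-lived RDS auth token (valid 15 minutes) and
# connect over TLS. That token handling is what this issue asks for.
#
# Role trust policy: restrict who may assume the role to this one SA:
#   "Condition": {"StringEquals": {
#     "<oidc-provider>:sub":
#       "system:serviceaccount:clusterpedia-system:clusterpedia-storage",
#     "<oidc-provider>:aud": "sts.amazonaws.com"}}
#
# Role permission policy: allow connecting as one database user only:
#   {"Effect": "Allow",
#    "Action": "rds-db:connect",
#    "Resource": "arn:aws:rds-db:<region>:111122223333:dbuser:<DbiResourceId>/clusterpedia"}
#
# Database side (PostgreSQL): GRANT rds_iam TO clusterpedia;
```

Scoping the trust policy to a single namespace and ServiceAccount, and the `rds-db:connect` resource to a single database user, keeps the role from being usable by other pods or for other database accounts.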