Provide a better authentication method for Kubernetes clusters with autoscaling

[baaastijn]

Context

Many of our customers have K8s clusters. Cluster have nodes who vary over time. Amount and IPs. It’s really boring to add each ip manually for ACL. We Need to find an easier way (long term : having an IAM)

User story

As a customer I want a smart way to authorize a whole Kubernetes cluster to access one or multiple DB cluster, with autoscaling into account So that When I have new nodes, I don’t need to authorize them IP by IP

related customer issue : https://github.com/ovh/public-cloud-roadmap/issues/281

Scope : All DBMS

Acceptance criterias

• mandatory : adding or removing nodes in a K8S cluster is taken into authorization access
• mandatory : a K8S cluster can be authorized for multiple DbaaS.
• mandatory : a DBaaS can be authorized for multiple K8s
• mandatory : works with any K8s cluster, inside of outside OVHcloud, in public network or private network.
• mandatory : work with cluster and k8s from different goegraphical locations
• accepted limitation : authorization can be done via "code", not via API/CLI or even UI

Follow, Vote and give your Feedback

You can follow this task with the notification on the right tab. Ask us anything here in the comments below, and vote with emojis for most requested items ! 👍 to vote for this issue

Discuss on Discord

Feel free to discuss with us on https://discord.gg/ovhcloud