operator: adds AWS sts support #11481
Trivy scan found the following vulnerabilities:
Looks good to me. Couple of points still missing:
- Introduce the custom serviceaccount per LokiStack. Maybe we should do this as a pre-requisite PR and consider backporting this?
- Should we make the `audience` field in the service account projection volume configurable for non-OpenShift clusters?
Yes 💯 In regards to the comments on separating functionality into separate smaller functions, I'm always divided by this, simply because usually it implies having in mind more functions might or not be used in a code path. I have an idea to make the switch case more digestible where we land.
manifests/storage/configure.go
Minor improvements, I think we arrived at the finish line.
Co-authored-by: Periklis Tsirakidis <periklis@nefeli.eu>
Adds support for users to configure the S3 object storage with AWS STS.
Co-authored-by: Periklis Tsirakidis <periklis@nefeli.eu>
Co-authored-by: Periklis Tsirakidis <periklis@redhat.com>
Is this feature open for new users who want to use Loki with S3 in STS?
@shriyo101 Yes of course. Please consider the enhancement doc: https://loki-operator.dev/docs/short_lived_tokens_authentication.md/#aws-secure-token-service
What this PR does / why we need it:
Adds support for users to configure the S3 object storage with AWS STS.
Which issue(s) this PR fixes:
Special notes for your reviewer:
To test you need:
`role_arn`, `region`, `bucketnames` and `audience`;

Checklist
- `CONTRIBUTING.md` guide (required)
- `CHANGELOG.md` updated
- `add-to-release-notes` label
- `docs/sources/setup/upgrade/_index.md`
- `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. Example PR
- `deprecated-config.yaml` and `deleted-config.yaml` files respectively in the `tools/deprecated-config-checker` directory. Example PR