  1. OpenShift Logging
  2. LOG-4544

Operator - Add support for AWS Secure Token Service (STS) config


    • Task
    • Resolution: Done
    • Major
    • Logging 5.9.0
    • Logging 5.9.0
    • Log Storage
    • None
    • Log Storage - Sprint 245, Log Storage - Sprint 246, Log Storage - Sprint 247, Log Storage - Sprint 248, Log Storage - Sprint 249

      Description

      As a LokiStack administrator I want to configure the LokiStack object storage secret to use the AWS STS service to control access to object storage.

      Acceptance Criteria

      1. The LokiStack administrator can configure an S3 object storage secret without providing values for the keys access_key_id, access_key_secret
      2. The LokiStack administrator can provide a custom role_arn in the S3 object storage secret

      Developer Notes

      1. Expand the LokiStack S3 Object Storage Secret Docs to explain how to use STS.
      2. Make the access_key_id and access_key_secret optional
      3. Provide values for role_arn and region.
      4. The Loki Operator uses the k8s serviceaccount token path as web_identity_token_file.
      5. The Loki Operator creates a serviceaccount for each LokiStack instance.
      6. The role_arn and web_identity_token_file are required to be passed to Loki as environment variables: AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE to enable the Loki AWS SDK client to connect to STS.
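
      The validation and environment mapping described in the acceptance criteria and developer notes, as an added sketch (not the Loki Operator's own code). The function name stsEnv, the token path constant, the ARN shape check and the rule that static keys are rejected alongside role_arn are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Assumed: default Kubernetes service account token mount (the ticket names no path).
const saTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"

// stsEnv validates S3 object storage secret data. In STS mode it returns the
// environment variables for Loki; nil with a nil error means static-key mode.
func stsEnv(secret map[string]string) (map[string]string, error) {
	roleARN := secret["role_arn"]
	hasID := secret["access_key_id"] != ""
	hasKey := secret["access_key_secret"] != ""

	if roleARN == "" {
		if !hasID || !hasKey {
			return nil, errors.New("access_key_id and access_key_secret are required without role_arn")
		}
		return nil, nil
	}
	// Assumed policy: long-lived keys must not sit next to a role.
	if hasID || hasKey {
		return nil, errors.New("static access keys must not be combined with role_arn")
	}
	if secret["region"] == "" {
		return nil, errors.New("region is required with role_arn")
	}
	// Shape check only: arn:<partition>:iam::<account>:role/<name>
	parts := strings.SplitN(roleARN, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" || parts[2] != "iam" || !strings.HasPrefix(parts[5], "role/") {
		return nil, fmt.Errorf("role_arn %q is not an IAM role ARN", roleARN)
	}
	return map[string]string{
		"AWS_ROLE_ARN":                roleARN,
		"AWS_WEB_IDENTITY_TOKEN_FILE": saTokenPath,
	}, nil
}

func main() {
	// Constructed sample; the account ID and role name are placeholders.
	env, err := stsEnv(map[string]string{
		"region":   "us-east-1",
		"role_arn": "arn:aws:iam::123456789012:role/lokistack-example",
	})
	fmt.Println(env, err)
}
```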

            jmarcal@redhat.com Joao Marcal
            ptsiraki@redhat.com Periklis Tsirakidis