堆栈内存溢出
  简体   繁体   English

有没有办法在 Docker swarm 中运行每个服务以使用不同的 IAM 角色运行

[英]Is there a way to run each service in Docker swarm to run with different IAM roles

 原文  2020-10-21 19:08:13       amazon-web-services/ docker/ amazon-iam/ docker-swarm/ docker-swarm-mode

问题描述

I want to spin up a docker swarm cluster on AWS.我想在 AWS 上启动一个 docker swarm 集群。 We plan to use IAM roles to define the access level of each service inside the docker swarm cluster.我们计划使用 IAM 角色来定义 docker swarm 集群内每个服务的访问级别。 Is there a way to achieve this?有没有办法实现这一目标? I did go through below article but it was 4 years ago and I believe there would have been progress in this are since Kubernetes have a provision of specifying role for every namespace.我确实阅读了下面的文章,但那是 4 年前的事了,我相信这方面会取得进展,因为 Kubernetes 规定了为每个命名空间指定角色。 Do we have something like this for docker swarm ?我们对 docker swarm 有这样的东西吗?

https://eng.lyft.com/scoping-aws-iam-roles-to-docker-containers-c9c5f8f2f75 https://eng.lyft.com/scoping-aws-iam-roles-to-docker-containers-c9c5f8f2f75

1 个解决方案

解决方案1
 0 已采纳  2020-10-21 19:19:36

There is no native way to have Docker Swarm services have an assigned role at this time, AWS does not have access to services on EC2 hosts.目前没有本地方式让 Docker Swarm 服务具有指定的角色,AWS 无法访问 EC2 主机上的服务。

A number of third party solutions exist which will essentially assume a role that exists in AWS and then pass these temporary credentials as environment variables into each Docker container.存在许多第三方解决方案,它们基本上会承担 AWS 中存在的角色,然后将这些临时凭证作为环境变量传递到每个 Docker 容器中。 To do this the EC2 host would need an IAM role that has permissions to assume the role(s) that are required.为此,EC2 主机需要一个 IAM 角色,该角色有权代入所需的角色。

Whilst AWS does not support IAM roles on docker swarm they do have 2 container orchestration based products:虽然 AWS 不支持 docker swarm 上的 IAM 角色,但它们确实有 2 个基于容器编排的产品:

  • ECS - A custom Amazon product built to run production-scale Docker containers ECS - 为运行生产规模的 Docker 容器而构建的自定义 Amazon 产品
  • EKS - A Amazon managed Kubernetes orchestration layer EKS - 亚马逊托管的 Kubernetes 编排层

Both of these products allow a Task IAM role that can provided to the containers that are running in the solution.这两种产品都允许一个 Task IAM 角色,该角色可以提供给在解决方案中运行的容器。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS IAM - 撤销服务相关角色的临时凭证的最佳方式 - ec2 服务相关角色 - AWS IAM - best way to revoke temporary credentials for service linked roles-ec2 service linked role 在 Terraform 中创建具有不同策略的多个 IAM 角色 - Create multiple IAM roles with different policies in Terraform 如何将我的网站作为https运行在AWS中作为Docker swarm集群运行? - How to run my website as https which is running as Docker swarm cluster in AWS? 以 IAM 用户身份运行 AWS lambda - Run AWS lambda as an IAM user IAM 角色不适用于 golang Docker 容器 - IAM Roles don't work with golang Docker containers docker 在不同的端口上运行 mongo 图像 - docker run mongo image on a different port EC2需要哪个IAM策略才能运行boto3来调用AWS服务? - Which IAM Policy require for EC2 to run boto3 to call aws service? AWS:限制不同 IAM 用户可以将哪些 IAM 角色附加到 EC2 实例 - AWS: Limit which IAM roles can be attached to an EC2 instance by different IAM users 如何让 Docker Swarm 管理器使用 IAM 角色权限从 AWS ECR 中提取图像? - How do I get a Docker Swarm manager to pull images from AWS ECR using IAM Role permissions? 运行Boto功能所需的最低IAM策略 - Minimum IAM policy required to run Boto functions
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM