[英]Is there a way to run each service in Docker swarm to run with different IAM roles
I want to spin up a docker swarm cluster on AWS.我想在 AWS 上启动一个 docker swarm 集群。 We plan to use IAM roles to define the access level of each service inside the docker swarm cluster.我们计划使用 IAM 角色来定义 docker swarm 集群内每个服务的访问级别。 Is there a way to achieve this?有没有办法实现这一目标? I did go through below article but it was 4 years ago and I believe there would have been progress in this are since Kubernetes have a provision of specifying role for every namespace.我确实阅读了下面的文章,但那是 4 年前的事了,我相信这方面会取得进展,因为 Kubernetes 规定了为每个命名空间指定角色。 Do we have something like this for docker swarm ?我们对 docker swarm 有这样的东西吗?
https://eng.lyft.com/scoping-aws-iam-roles-to-docker-containers-c9c5f8f2f75 https://eng.lyft.com/scoping-aws-iam-roles-to-docker-containers-c9c5f8f2f75
There is no native way to have Docker Swarm services have an assigned role at this time, AWS does not have access to services on EC2 hosts.目前没有本地方式让 Docker Swarm 服务具有指定的角色,AWS 无法访问 EC2 主机上的服务。
A number of third party solutions exist which will essentially assume a role that exists in AWS and then pass these temporary credentials as environment variables into each Docker container.存在许多第三方解决方案,它们基本上会承担 AWS 中存在的角色,然后将这些临时凭证作为环境变量传递到每个 Docker 容器中。 To do this the EC2 host would need an IAM role that has permissions to assume the role(s) that are required.为此,EC2 主机需要一个 IAM 角色,该角色有权代入所需的角色。
Whilst AWS does not support IAM roles on docker swarm they do have 2 container orchestration based products:虽然 AWS 不支持 docker swarm 上的 IAM 角色,但它们确实有 2 个基于容器编排的产品:
Both of these products allow a Task IAM role that can provided to the containers that are running in the solution.这两种产品都允许一个 Task IAM 角色,该角色可以提供给在解决方案中运行的容器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.