Amazon recently released support for IRSA (IAM Roles for Service Accounts), which is supported starting in aws-sdk-go 1.23.13.
From my understanding, the IRSA workflow checks environment variables for relevant credentials. If that's true, upgrading the aws-sdk-go dependency to >= 1.23.13 should do the trick here. Then again, it looks like Docker Distribution is currently using version 1.15.11, so this might require some peripheral changes.
References
I just tried building the registry with aws-sdk-go v1.28.2 and deploying to EKS to see if that would provide support for IRSA, with no luck. I haven't looked too deeply at this, but there might be more steps beyond bumping the SDK version.
Any progress on this?
Hi, for context, this will make deploying on EKS much easier and more secure since we won't have to embed IAM credentials into our kub deployments.