awslabs / mountpoint-s3-csi-driver

Built on Mountpoint for Amazon S3, the Mountpoint CSI driver presents an Amazon S3 bucket as a storage volume accessible by containers in your Kubernetes cluster.
Apache License 2.0

Support control which buckets specific pod can mount #135

Closed tom10271 closed 5 months ago

tom10271 commented 5 months ago

/feature

Is your feature request related to a problem? Please describe.

According to this doc, it means I need to authorize which buckets the S3 CSI addon can mount to pods. The problem is I don't want different pods to be able to mount a limited set of buckets but not all buckets the addon can mount.

Assuming I have 3 distinct projects hosted in EKS, they have their own set of assets and config files stored in S3. Project B should not mount Project A's bucket and potentially touch or view what is inside.

Describe the solution you'd like in detail

Is it possible to use EKS Pod Identity, or to allow us to specify which role to use when mounting S3 buckets by annotating the PVC?

Describe alternatives you've considered

Additional context

jjkr commented 5 months ago

Thank you for the request. I am going to close this as a duplicate in favor of these issues:

https://github.com/awslabs/mountpoint-s3-csi-driver/issues/136
https://github.com/awslabs/mountpoint-s3-csi-driver/issues/111

Please comment on those or open a new issue if they do not address your use case or there is additional detail you would like to add.