druid-io / druid-operator

Druid Kubernetes Operator

Openshift 4 and S3 authentication #260

Open forzamehlano opened 2 years ago

forzamehlano commented 2 years ago

Openshift 4 doesn't allow connections to link-local addresses from containers (as per https://bugzilla.redhat.com/show_bug.cgi?id=1718389). This means that the aws-java-sdk within the Druid pods deployed is unable to connect to the cloud metadata IP to pick up any IAM roles assigned to it.

The workaround for this from the Red Hat Bugzilla is to enable hostNetwork on the pod. I can't see a way of achieving this through the operator. Does that functionality exist, or is it possible to add it if not?

For security reasons, security/access keys aren't a viable means of authentication to S3 so we really need this functionality...

Thanks

AdheipSingh commented 2 years ago

As of now, hostNetwork isn't supported in the operator.

forzamehlano commented 2 years ago

That's the conclusion I came to.

Is it possible to add that support?

AdheipSingh commented 2 years ago

@forzamehlano

Though I am a bit sceptical on enabling `hostNetwork: true`, since it has its own security concerns. At most, we can add an exception and log it as a warning event.

Also, if you are willing to contribute, feel free to send a PR; I will be happy to review it.
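As an added illustration of the "allow it but log a warning event" approach discussed above (example code, not part of the druid-operator code base), the function below walks a trimmed-down, hypothetical model of the CR's node groups and returns one warning record per group that opts into `hostNetwork: true`. It also flags a related caveat a reviewer would raise: a pod on the host network still needs `dnsPolicy: ClusterFirstWithHostNet` to resolve in-cluster service names. The `NodeSpec` and `Warning` types are constructed for this example and are not the operator's own types.

```go
package main

import "fmt"

// NodeSpec is a hypothetical, trimmed-down model of one Druid node group in
// the CR (constructed for this example; not the operator's real type).
type NodeSpec struct {
	Name        string
	HostNetwork bool
	DNSPolicy   string // empty means the Kubernetes default (ClusterFirst)
}

// Warning is the event-like record the operator could emit instead of
// rejecting the spec (hypothetical shape).
type Warning struct {
	Node    string
	Reason  string
	Message string
}

// ValidateHostNetwork never rejects a spec; it returns warnings for every node
// group that shares the node's network namespace, plus a second warning when
// that group has not set dnsPolicy: ClusterFirstWithHostNet.
func ValidateHostNetwork(nodes []NodeSpec) []Warning {
	var warnings []Warning
	for _, n := range nodes {
		if !n.HostNetwork {
			continue
		}
		warnings = append(warnings, Warning{
			Node:    n.Name,
			Reason:  "HostNetworkEnabled",
			Message: fmt.Sprintf("node group %q runs with hostNetwork: true and shares the node's network namespace", n.Name),
		})
		if n.DNSPolicy != "ClusterFirstWithHostNet" {
			warnings = append(warnings, Warning{
				Node:    n.Name,
				Reason:  "DNSPolicyMismatch",
				Message: fmt.Sprintf("node group %q uses hostNetwork without dnsPolicy: ClusterFirstWithHostNet; in-cluster service names will not resolve", n.Name),
			})
		}
	}
	return warnings
}

func main() {
	// Constructed sample: brokers on the pod network, middlemanagers on the host network.
	nodes := []NodeSpec{
		{Name: "brokers"},
		{Name: "middlemanagers", HostNetwork: true},
		{Name: "historicals", HostNetwork: true, DNSPolicy: "ClusterFirstWithHostNet"},
	}
	for _, w := range ValidateHostNetwork(nodes) {
		fmt.Printf("Warning %s on %s: %s\n", w.Reason, w.Node, w.Message)
	}
}
```

In an operator reconcile loop the returned records would be written as Kubernetes Events on the CR, so the cluster owner sees that a node group has opted into the host network rather than the operator silently accepting it.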