Node IAM Role use cases

Available in VPC

The API of NAVER Cloud Platform can be used without having to install AccessKey and SecretKey as this assigns the Server Role type role to the worker node of Ncloud Kubernetes Service.

Example of Node IAM Role

To create a node pool that can access object storage and check if the object storage bucket list is viewed in POD, perform the following.

1. Create a Sub Account role

See the Create role guide to create a Server type role and add an NCP_OBJECT_STORAGE_VIEWER policy.

2. Create a node pool

Select Node IAM Role for the role created in Step 1 when you create a node pool.

3. Verify role assignment

After you create a node pool, select Sub Account > Roles - Role Name > Role Target to check if the node of the created node pool is added.

4. Verify role application

1. Copy the code below and save it as an alpine.yaml file.

apiVersion: v1
kind: Pod
metadata:
  name: alpine
spec:
  containers:
  - name: alpine
    image: alpine:3.12
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always

2. Run the following command to deploy the desired POD.

$ kubectl apply -f alpine.yaml
pod/node-iam-test created

3. Run the following command to access POD via shell.

$ kubectl exec -it alpine -- sh
/ # 

4. Run the following command to install aws-cli.

/ # apk add aws-cli
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
(1/46) Installing libbz2 (1.0.8-r1)
(2/46) Installing expat (2.2.10-r4)
...
(46/46) Installing aws-cli (1.18.55-r0)
Executing busybox-1.31.1-r22.trigger
OK: 134 MiB in 60 packages

5. Run the following command to view the Bucket list of Object Storage.

/ # aws s3 ls --endpoint-url=https://kr.object.ncloudstorage.com
2020-09-01 07:58:31 bucket1
2020-12-08 14:52:07 bucket2
2020-07-20 06:37:20 bucket3
...