Node IAM Role use cases
Available in VPC
Assigning a Server Role type role to the worker nodes of Ncloud Kubernetes Service lets you use the NAVER Cloud Platform API from those nodes without installing an AccessKey and SecretKey.
Example of Node IAM Role
To create a node pool that can access Object Storage and verify that the bucket list can be viewed from a pod, perform the following steps.
1. Create a Sub Account role
See the Create role guide to create a Server type role and add the NCP_OBJECT_STORAGE_VIEWER policy to it.
2. Create a node pool
When you create the node pool, select the role created in Step 1 as the Node IAM Role.
3. Verify role assignment
After you create a node pool, select Sub Account > Roles - Role Name > Role Target to check if the node of the created node pool is added.
4. Verify role application
- Copy the code below and save it as an alpine.yaml file.
apiVersion: v1
kind: Pod
metadata:
  name: alpine
spec:
  containers:
  - name: alpine
    image: alpine:3.12
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
- Run the following command to deploy the pod.
$ kubectl apply -f alpine.yaml
pod/alpine created
- Run the following command to open a shell in the pod.
$ kubectl exec -it alpine -- sh
/ #
- Run the following command to install aws-cli.
/ # apk add aws-cli
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
(1/46) Installing libbz2 (1.0.8-r1)
(2/46) Installing expat (2.2.10-r4)
...
(46/46) Installing aws-cli (1.18.55-r0)
Executing busybox-1.31.1-r22.trigger
OK: 134 MiB in 60 packages
- Run the following command to view the Bucket list of Object Storage.
/ # aws s3 ls --endpoint-url=https://kr.object.ncloudstorage.com
2020-09-01 07:58:31 bucket1
2020-12-08 14:52:07 bucket2
2020-07-20 06:37:20 bucket3
...
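The bucket listing in step 4 only proves that the node role is in effect if the pod holds no static keys, because the AWS CLI reads AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY and the shared credentials file before any credentials it obtains automatically. The check below is an added example, not part of the original guide; the function name static_cred_sources and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: list static credential sources that the AWS CLI would use
# in preference to credentials supplied through the node's role.
# Assumption: standard AWS CLI lookup order (environment variables first,
# then the shared credentials file). ~/.aws/config is not inspected here.

# static_cred_sources ENV_FILE HOME_DIR
#   ENV_FILE  output of `env` captured inside the pod
#   HOME_DIR  home directory to check for .aws/credentials
# Prints one line per static source; returns 0 if none were found, 1 otherwise.
static_cred_sources() {
    env_file=$1
    home_dir=$2
    found=0

    for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        # Only a non-empty value counts as a configured key.
        if grep -q "^${var}=." "$env_file"; then
            echo "env:${var}"
            found=1
        fi
    done

    # AWS_SHARED_CREDENTIALS_FILE relocates the credentials file if set.
    cred_file=$(sed -n 's/^AWS_SHARED_CREDENTIALS_FILE=//p' "$env_file" | head -n 1)
    [ -n "$cred_file" ] || cred_file="$home_dir/.aws/credentials"
    if [ -f "$cred_file" ] && grep -q '^[[:space:]]*aws_access_key_id' "$cred_file"; then
        echo "file:${cred_file}"
        found=1
    fi

    return "$found"
}

# Constructed sample: a pod environment that still carries a static key.
demo_dir=$(mktemp -d)
printf '%s\n' 'PATH=/usr/bin:/bin' 'AWS_ACCESS_KEY_ID=EXAMPLEKEYID' > "$demo_dir/pod.env"
static_cred_sources "$demo_dir/pod.env" "$demo_dir" \
    || echo "static keys present: the listing does not prove the role works"
rm -rf "$demo_dir"
```

Inside the pod from step 4, run `env > /tmp/pod.env` and then `static_cred_sources /tmp/pod.env "$HOME"`; no output and exit status 0 mean the CLI found no static keys in the environment or the credentials file.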