Bug 1388939

Summary: EC2 role credentials support for OSE internal docker registry
Product: OpenShift Container Platform Reporter: Miheer Salunke <misalunk>
Component: RFEAssignee: Dan McPherson <dmcphers>
Status: CLOSED DUPLICATE QA Contact: Xiaoli Tian <xtian>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.2.0CC: aos-bugs, jliggitt, jokerman, mmccomas, simon.gunzenreiner
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-31 12:52:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Miheer Salunke 2016-10-26 13:54:40 UTC 
1. Proposed title of this feature request
EC2 role credentials support for OSE internal docker registry



3. What is the nature and description of the request?  

To be able to consume AWS S3 bucket as persistent storage for OSE internal docker registry  AWS credentials (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) must be placed in 'docker registry' app secrets called dockerregistry.

From security and maintenance perspective this is not to handy so we would like to utilize "AWS EC2 role credentials" approach. 

More details about it you can hind here http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html


4. Why does the customer need this? (List the business requirements here)  
mentioned in the description
  
5. How would the customer like to achieve this? (List the functional requirements here)  
mentioned in the description
  
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.   
  -

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
  -

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
  -
    
9. List any affected packages or components.  
packages related to secrets
  
10. Would the customer be able to assist in testing this functionality if implemented? 
 -
Comment 3 Michal Fojtik 2016-10-27 09:20:07 UTC 
Miheer, if I understand this properly, the customer wants registry to retrieve the credentials needed for S3 access from "curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access" instead of specifying them.

I think it is reasonable ask, but I'm moving this to an RFE component.
Comment 5 Dan McPherson 2016-10-31 12:52:03 UTC 

*** This bug has been marked as a duplicate of bug 1388468 ***