awslabs/mountpoint-s3-csi-driver

Support controlling which buckets a specific pod can mount

tom10271 opened this issue · 1 comments

/feature

Is your feature request related to a problem? Please describe.
According to this doc, it means I need to authorize the S3 CSI addon for which buckets it can mount to pods. The problem is I don't want different pods to be able to mount a limited set of buckets but not all buckets the addon can mount.

Assuming I have 3 distinct projects hosted in EKS, they have their own set of assets and config files stored in S3. Project B should not mount Project A's bucket and potentially touch or view what is inside.

Describe the solution you'd like in detail
Is it possible to use EKS Pod Identity, or to allow us to specify which role to use when mounting S3 buckets by annotating the PVC?

Describe alternatives you've considered

Additional context

Thank you for the request. I am going to close this as a duplicate in favor of these issues:
#136
#111

Please comment on those or open a new issue if they do not address your use case or there is additional detail you would like to add.