Hi there,

I'm trying to run Flink on Kubernetes and I ran into a problem with the way Flink sets up AWS credentials to talk with S3 and the way we manage AWS secrets in my company.

To give permissions to Flink I am using AWS keys embedded in flink.conf, as per https://ci.apache.org/projects/flink/flink-docs-stable/ops/deployment/aws.html#configure-access-credentials. The problem there is that we rotate our AWS keys daily in order to mitigate any eventual leak of keys. In order to make Flink pick up the new keys I understand I have to restart it, but that means downtime, especially for the jobs which have a large state to save.

I know that in Kubernetes land there are these two projects, https://github.com/uswitch/kiam and https://github.com/jtblin/kube2iam, that make it possible to associate IAM policies to pods/containers. But they are not part of the "official" Kubernetes software, which kinda surprises me.

Did anyone run into a similar problem? If so, how did you solve it?

Cheers,
Antonio