Support for IAM external database authentication #730

@TNonet

What would you like to be added?

Modern cloud providers are pushing people towards IAM-based authentication (away from managing passwords) for all services. AWS RDS and GCP Cloud SQL support IAM authentication for their Postgres and MySQL databases.

Can we discuss allowing Clusterpedia to use role-based authentication for external storage?

Ideally, I could assign a K8s Service Account (SA) to the relevant Clusterpedia Pods, allowing the pod to assume an IAM role allowing access to the DB.
AWS Docs:

Separately, it would be nice if the cluster.clusterpedia.io/v1alpha2 resource did not require caData or tokenData itself and could also use K8s Service Accounts to gain access to cluster resources.

Why is this needed?

This would significantly improve the security posture of running Clusterpedia.
