Oracle NoSQL support OKE Workload Identity #173
dario-vega announced in Announcements
Fine-grained identity and access management control from Kubernetes to OCI NoSQL Tables
Oracle NoSQL Database Cloud Service uses Oracle Cloud Infrastructure Identity and Access Management, which enables you to create user accounts and control access to cloud resources. You can give users permission to inspect, read, use, or manage NoSQL tables for Oracle NoSQL. The available authentication methods are API key-based, token-based, Instance Principal, and Resource Principal. The Oracle NoSQL Database SDKs allow you to provide the credentials for an application using any of these authentication methods.
Oracle NoSQL Database Cloud Service has three different resource types: nosql-tables, nosql-rows, and nosql-indexes. It also has one aggregate resource called nosql-family. Policies are created that allow a group to work in specific ways with resources, such as nosql-tables in a particular compartment. All NoSQL tables belong to a defined compartment.
In Kubernetes, a workload is an application running on a Kubernetes cluster. A workload can be one application component running inside a single pod or several components running inside a set of pods that work together. All the pods in the workload run in the same namespace.
When applications require access to OCI resources, Workload Identity enables you to write OCI IAM policies scoped to the Kubernetes service account associated with application pods. This feature allows the applications running inside these pods to directly access the OCI API based on the permissions provided by the policies. The OCI Audit service also automatically tracks all Kubernetes workloads' API calls from your cluster.
With Workload Identity, you no longer need to store credentials as secrets in your Kubernetes cluster or rely on OCI dynamic groups for worker node policy-driven access to OCI resources and, more specifically, access to your NoSQL Tables.
We are excited to announce the support for OKE Workload Identity in all our NoSQL SDKs.
Read more: https://www.linkedin.com/pulse/fine-grained-identity-access-management-control-from-kubernetes-vega-wskwe/
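A policy lint for the Workload Identity scoping described above, as an added example that is not part of the original announcement or of the Oracle NoSQL SDKs. It assumes the `any-user` subject and the `request.principal.*` condition keys of OCI's Workload Identity policy syntax; the compartment, namespace, service account and cluster OCID values are constructed placeholders.

```python
import re

# Condition keys OCI IAM policies use for OKE workload principals (assumed syntax).
REQUIRED_KEYS = ("type", "namespace", "service_account", "cluster_id")
NOSQL_RESOURCES = {"nosql-tables", "nosql-rows", "nosql-indexes", "nosql-family"}
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>any-user|group\s+\S+|dynamic-group\s+\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<match>all|any)\s*\{(?P<conds>.*)\})?\s*$",
    re.IGNORECASE | re.DOTALL,
)
CONDITION = re.compile(r"request\.principal\.(\w+)\s*=\s*'([^']*)'")

# Constructed sample statements (placeholder names and OCID).
SCOPED = (
    "Allow any-user to use nosql-rows in compartment demo-compartment where all {"
    "request.principal.type = 'workload', "
    "request.principal.namespace = 'orders', "
    "request.principal.service_account = 'orders-api', "
    "request.principal.cluster_id = 'ocid1.cluster.oc1..exampleplaceholder'}"
)
BROAD = "Allow any-user to manage nosql-family in tenancy where all {request.principal.type = 'workload'}"
NODE_WIDE = "Allow dynamic-group oke-worker-nodes to use nosql-rows in compartment demo-compartment"


def lint_workload_statement(statement):
    """Return findings; an empty list means the grant is pinned to one
    service account in one namespace of one cluster."""
    m = STATEMENT.match(statement)
    if not m:
        return ["unparsed statement"]
    findings = []
    if m["resource"].lower() not in NOSQL_RESOURCES:
        findings.append(f"not a NoSQL resource type: {m['resource']}")
    if m["subject"].lower() != "any-user":
        findings.append("subject is not any-user; not a workload identity grant")
        return findings
    conds = {k.lower(): v for k, v in CONDITION.findall(m["conds"] or "")}
    if (m["match"] or "").lower() != "all":
        findings.append("conditions must be combined with 'where all {...}'")
    if conds.get("type") != "workload":
        findings.append("request.principal.type is not 'workload'")
    for key in REQUIRED_KEYS[1:]:
        if not conds.get(key):
            findings.append(f"missing request.principal.{key}")
    if m["location"].lower() == "tenancy":
        findings.append("granted tenancy-wide; scope to the tables' compartment")
    return findings
```

Running it over exported policy statements before they are applied shows which grants still reach every pod on a node or every workload in a cluster.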