Pod on Fargate from EKS does not have access to AWS default credentials

心已入冬 提交于 2021-02-11 04:24:43

问题


I am trying to run a pod on fargate from EKS that needs to access s3 via boto3 python client and I cant figure out why this is happening. It works just fine when scheduled on a eks ec2 node.

botocore.exceptions.NoCredentialsError: Unable to locate credentials

I have a properly setup fargate profile and followed this guide.

Does anyone know why aws credentials are not within the context of this pod? Does this have anything to do with the pod execution role?


回答1:


I have a properly setup fargate profile and followed this guide.

That's a great start and it will ensure your pods are scheduled on Fargate rather than EC2.

Does anyone know why aws credentials are not within the context of this pod? Does this have anything to do with the pod execution role?

Without knowing what exactly you defined it's impossible to troubleshoot but yes, it's worth checking the pod execution role for starters.

However, given that you want to access an S3 bucket from your pod you need to make sure the pod's service account uses the respective policy. Last year we introduced IRSA, allowing you to assign least privileges on the pod level and given you're on Fargate this is the way to go. So, please peruse and apply IRSA as per doc and report back if anything is not working as expect.



来源:https://stackoverflow.com/questions/60068942/pod-on-fargate-from-eks-does-not-have-access-to-aws-default-credentials

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!