问题
I am trying to run a pod on fargate from EKS that needs to access s3 via boto3 python client and I cant figure out why this is happening. It works just fine when scheduled on a eks ec2 node.
botocore.exceptions.NoCredentialsError: Unable to locate credentials
I have a properly setup fargate profile and followed this guide.
Does anyone know why aws credentials are not within the context of this pod? Does this have anything to do with the pod execution role?
回答1:
I have a properly setup fargate profile and followed this guide.
That's a great start and it will ensure your pods are scheduled on Fargate rather than EC2.
Does anyone know why aws credentials are not within the context of this pod? Does this have anything to do with the pod execution role?
Without knowing what exactly you defined it's impossible to troubleshoot but yes, it's worth checking the pod execution role for starters.
However, given that you want to access an S3 bucket from your pod you need to make sure the pod's service account uses the respective policy. Last year we introduced IRSA, allowing you to assign least privileges on the pod level and given you're on Fargate this is the way to go. So, please peruse and apply IRSA as per doc and report back if anything is not working as expect.
来源:https://stackoverflow.com/questions/60068942/pod-on-fargate-from-eks-does-not-have-access-to-aws-default-credentials