permissions grant with IAM Roles for Service Accounts does not work #625
Comments
👋 @sabrisay there should be some logs available from the container, those would help with debugging. At first glance, it looks like
I am experiencing access denied to the bucket as ServiceAccount is not created via HelmCharts even though it's specified in the
I am wondering why ServiceAccount isn't created. Even
Am I pointing to the deprecated repo? If so, what is the updated one? I've been looking for a valid
CORRECTION
I found the correct values and I adjusted my values accordingly
ServiceAccount got created and attached to the pod. Yet, I am getting role trust policy
Indeed my cluster lives in IAM policy attached to the role
Hi There,
I am leveraging chartmuseum --version 3.8.0. As I am using a service account with a proper IAM role on AWS, I cannot bring up the Chartmuseum pod. The application does not throw any error even though --debug is enabled. If I use the worker node's role and attach the necessary policies, it works properly. I can make it work with an IAM user's credentials (aws_access_key_id and aws_secret_access_key).
Reproduce:
cat << EOF > custom-config.yaml
env:
  open:
    # STORAGE: local
    AWS_SDK_LOAD_CONFIG: true
    STORAGE: amazon
    STORAGE_AMAZON_BUCKET:
    STORAGE_AMAZON_PREFIX:
    STORAGE_AMAZON_REGION: us-west-1
    DEBUG: true
    DISABLE_API: false
    AUTH_ANONYMOUS_GET: true
    ALLOW_OVERWRITE: true
service:
  type: NodePort
serviceAccount:
  create: true
  automountServiceAccountToken: true
  annotations:
    eks.amazonaws.com/role-arn: ""
image:
  repository: <my image repository>
  tag: v0.14.0
  pullPolicy: IfNotPresent
securityContext:
  enabled: true
  fsGroup: 65534
EOF
helm install test -f custom-config.yaml chartmuseum/chartmuseum --version 3.8.0
After running this command, the pod tries to come up for a while. Since the readiness and liveness probes are failing, the pod eventually crashes. When I describe it, I get something like what is shared below:
Readiness probe failed: Get "http://<POD_IP>:8080/health": dial tcp <POD_IP>:8080: connect: connection refused
Note: When the same service account is attached to an AWS CLI pod, it can list S3 bucket objects with no issue.
Any idea why it is behaving this way?
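Added example, not part of the original issue or the chartmuseum project: a Python check that compares the claims in a pod's projected service account token with the StringEquals conditions of the role trust policy, which is what STS evaluates when a pod uses IAM Roles for Service Accounts. The account ID, OIDC provider ID, namespace and service account names below are constructed placeholders.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload of a service account JWT (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def trust_policy_problems(policy, claims):
    """Return mismatches, or [] if one statement matches (single-string StringEquals only)."""
    issuer = claims["iss"].split("://", 1)[-1]  # IAM condition keys omit https://
    auds = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    problems = []
    for stmt in policy["Statement"]:
        found = []
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            found.append("no Allow for sts:AssumeRoleWithWebIdentity")
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if not federated.endswith(":oidc-provider/" + issuer):
            found.append(f"principal {federated} is not issuer {issuer}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get(issuer + ":sub", claims["sub"]) != claims["sub"]:
            found.append(f"sub: policy wants {cond[issuer + ':sub']}, token has {claims['sub']}")
        if cond.get(issuer + ":aud", auds[0]) not in auds:
            found.append(f"aud: policy wants {cond[issuer + ':aud']}, token has {auds}")
        if not found:
            return []
        problems += found
    return problems

# Constructed sample data: account ID, provider ID, namespace and names are placeholders.
ISSUER = "oidc.eks.us-west-1.amazonaws.com/id/EXAMPLE0000000000"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + ISSUER},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
        ISSUER + ":sub": "system:serviceaccount:default:chartmuseum",
        ISSUER + ":aud": "sts.amazonaws.com"}}}]}

def sample_token(sub):
    """Build an unsigned, constructed JWT carrying the claims IRSA relies on."""
    body = json.dumps({"iss": "https://" + ISSUER, "sub": sub, "aud": ["sts.amazonaws.com"]})
    return "e30." + base64.urlsafe_b64encode(body.encode()).decode().rstrip("=") + ".sig"
```

In a running pod the token is the file named by the AWS_WEB_IDENTITY_TOKEN_FILE environment variable; pass its contents to `jwt_claims` and the role's trust policy document to `trust_policy_problems`.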