Using EKS pod identity with Kubernetes Airbyte deployment

slack-user-airbyte · August 23, 2024, 6:11am

Summary

Airbyte job logs show error related to AWS credentials when trying to publish to S3. The issue seems to be with the Airbyte code not looking in the correct place for the credentials.

Question

Hello!
Is anyone use EKS pod identity in conjuction with their kubernetes airbyte deployment?

I am seeing this error in the pod logs, related to airbyte job logs:
Cannot end publishing: Cannot publish to S3: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, com.amazonaws.auth.profile.ProfileCredentialsProvider@9a458c1: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@763b785: The full URI (<http://169.254.170.23/v1/credentials>) contained withing environment variable AWS_CONTAINER_CREDENTIALS_FULL_URI has an invalid host. Host should resolve to a loopback address or have the full URI be HTTPS.]
When I look at the pod it has the correct environment variable that the pod identity add-on adds based on the service account:

AWS_DEFAULT_REGION:                      us-west-2
AWS_REGION:                              us-west-2
AWS_CONTAINER_CREDENTIALS_FULL_URI:      <http://X.X.X.X/v1/credentials>
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE:  /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token```
It just appears that the airbyte code is not looking in the right place for the creds.

Anyone have experience with this?

<br>

---

This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. [Click here](https://airbytehq.slack.com/archives/C021JANJ6TY/p1724364879999639) if you want 
to access the original thread.

[Join the conversation on Slack](https://slack.airbyte.com)

<sub>
["eks-pod-identity", "kubernetes", "airbyte", "aws-credentials", "s3"]
</sub>

Topic		Replies	Views
Struggling with S3 configuration for state & logging using instanceProfile authentication Platform Questions platform , error-message , question , s3-configuration , aws-credentials	3	109	September 8, 2024
Issue with deploying through Helm on AWS EKS due to AWS credentials error Platform Questions helm , bug , aws-eks , aws-credentials , authentication-type	14	64	September 11, 2024
Enabling external log storage to S3 using instanceProfile in Airbyte v1.0.0 on AWS EC2 Platform Questions platform , question , aws-credentials , aws-ec2 , instanceprofile	6	21	October 26, 2024
Issue with S3 credentials configuration in Airbyte deployment Platform Questions platform , helm , question , airbyte-deployment , s3-credentials	5	2	November 1, 2024
Issue with AWS credentials when adding a destination with a secret in Airbyte on EKS Platform Questions airbyte , aws-secrets-manager , destination , eks , aws-credentials	1	5	October 17, 2024

Using EKS pod identity with Kubernetes Airbyte deployment

Summary

Question

Related topics