3

The scenario:

We have a K8s cluster on EKS using Fargate nodes. I am storing our credentials/secrets in AWS Secrets Manager and want our workers deployed on AWS Fargate to access these secrets directly.

The issue:

The Python code inside the containers throws the following error, as it cannot find any AWS credentials:
botocore.exceptions.NoCredentialsError: Unable to locate credentials

It is quite similar to the issue raised here and I already went ahead to add a service account as proposed in the answer to that question.

Specifically, I followed the guide here.

However, the last step does not return the expected output for me. There is no AWS environment variable being injected into any of the pods.

I also tried following the workshop here: https://www.eksworkshop.com/beginner/110_irsa/deploy/ but I am still not getting the expected output.

I would appreciate it if anyone can point me in the right direction here. Thanks in advance!

Abdennour TOUMI
Emeka Icha

1 Answer

1

I believe you are missing the cluster create steps as described here. Specifically:

  • Set up the OIDC ID provider (IdP) in AWS.

If you would like to inject things into your Pods automatically, consider creating a MutatingAdmissionWebhook, which basically responds with a JSONPatch that K8s applies to whatever object you specify.

This is a detailed walkthrough on how to create one.

Rico
  • Thanks @Rico. I created the cluster already and can confirm it works (installed a sample app on it). The issue is how I can inject the credentials that the pods need to run (or a way to have the pods pull them) – Emeka Icha Jul 17 '20 at 12:57
  • Added more details, you can create a MutatingAdmissionWebhook that injects the annotations in the pod for example. Not that simple but a path to get what you want to be injected into your pods. – Rico Jul 17 '20 at 17:35
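
The JSONPatch response that the answer and its last comment describe, sketched as an added example (not code from the answer, from Kubernetes or from AWS): it builds the AdmissionReview reply that adds one annotation to a Pod, including the case where the Pod has no annotations map yet. The annotation key and value are hypothetical, the sample request is constructed, and the HTTPS server and the MutatingWebhookConfiguration that registers it are left out.

```python
import base64
import json

# Hypothetical annotation key/value, for illustration only.
ANNOTATION_KEY = "example.com/injected-by"
ANNOTATION_VALUE = "demo-webhook"


def escape_pointer(token):
    """Escape a key for use in a JSON Pointer path (RFC 6901)."""
    return token.replace("~", "~0").replace("/", "~1")


def build_patch(pod):
    """Return the JSONPatch operations that add the annotation to a Pod."""
    annotations = pod.get("metadata", {}).get("annotations")
    if annotations is None:
        # "add" fails when the parent object is missing, so create the map.
        return [{"op": "add", "path": "/metadata/annotations",
                 "value": {ANNOTATION_KEY: ANNOTATION_VALUE}}]
    if annotations.get(ANNOTATION_KEY) == ANNOTATION_VALUE:
        return []  # already set; keep the webhook idempotent
    return [{"op": "add",
             "path": "/metadata/annotations/" + escape_pointer(ANNOTATION_KEY),
             "value": ANNOTATION_VALUE}]


def review(admission_review):
    """Build the AdmissionReview response for an incoming request."""
    request = admission_review["request"]
    response = {"uid": request["uid"], "allowed": True}
    patch = build_patch(request["object"])
    if patch:
        # The API server expects the patch base64-encoded, with patchType set.
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return {"apiVersion": admission_review["apiVersion"],
            "kind": "AdmissionReview", "response": response}


# Constructed sample request: a Pod that has no annotations yet.
SAMPLE = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {"uid": "constructed-uid-0001",
                "object": {"kind": "Pod", "metadata": {"name": "worker"}}},
}

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

The `~1` escaping matters because annotation keys usually contain a `/`, which would otherwise be read as a path separator in the patch.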