maxneuvians
commented
3 years ago Added this, but the fargate pods are not inheriting an IAM role. We may need an EKS service account in that case
Open maxneuvians opened 3 years ago
maxneuvians
commented
3 years ago Added this, but the fargate pods are not inheriting an IAM role. We may need an EKS service account in that case
maxneuvians
commented
3 years ago We were able to add a fargate profile and service account so that the pods have all the access they need. However, because celery 3.26 uses boto and not boto3 it is not able to load the dynamic credentials that are injected into the container. boto3 has the ability to do this (https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#assume-role-with-web-identity-provider) but boto does not. We will need to upgrade celery before we can use this dynamic scaling.
maxneuvians
commented
3 years ago The other solution is to use IAM credentials from a static IAM user
We should look into using https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html for the celery worker pods to make them more elastic.