Closed sabdalla80 closed 1 week ago
@PettitWesley I am seeing the same issue as this one (Fluent Bit 1.6 - ES Plugin: Failed to source credential on Amazon EKS IAM Roles for Service Account #2714). Could the bug have been re-introduced? I am able to send to S3, but not able to assume the role.
Here is another snippet of debug outputs
[2024/05/26 20:19:48] [debug] [upstream] KA connection #77 to s3.us-east-2.amazonaws.com:443 has been assigned (recycled)
[2024/05/26 20:19:48] [debug] [http_client] not using http_proxy for header
[2024/05/26 20:19:48] [debug] [aws_credentials] Requesting credentials from the STS provider..
[2024/05/26 20:19:48] [debug] [aws_credentials] STS Provider: Refreshing credential cache.
[2024/05/26 20:19:48] [debug] [aws_credentials] Calling STS..
[2024/05/26 20:19:48] [debug] [upstream] KA connection #343 to sts.us-east-2.amazonaws.com:443 has been assigned (recycled)
[2024/05/26 20:19:48] [debug] [http_client] not using http_proxy for header
[2024/05/26 20:19:48] [debug] [aws_credentials] Requesting credentials from the EKS provider..
[2024/05/26 20:19:48] [debug] [task] destroy task=0x7fd750366f00 (task_id=0)
[2024/05/26 20:19:48] [debug] [task] created task=0x7fd750366f00 id=0 without routes, dropping.
[2024/05/26 20:19:48] [debug] [task] destroy task=0x7fd750366f00 (task_id=0)
[2024/05/26 20:19:48] [debug] [task] created task=0x7fd750366f00 id=0 without routes, dropping.
[2024/05/26 20:19:48] [debug] [task] destroy task=0x7fd750366f00 (task_id=0)
[2024/05/26 20:19:48] [debug] [aws_client] sts.us-east-2.amazonaws.com: http_do=0, HTTP Status: 403
[2024/05/26 20:19:48] [debug] [upstream] KA connection #343 to sts.us-east-2.amazonaws.com:443 is now available
[2024/05/26 20:19:48] [debug] [aws_client] Unable to parse API response- response is not valid JSON.
[2024/05/26 20:19:48] [debug] [aws_credentials] STS raw response:
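For triaging debug output like the snippet above, this added example (not code from the thread or from the Fluent Bit project) splits run-together records and reports which credential providers were requested and which AWS API calls returned an error status. The record layout is assumed from the lines posted in this thread, and the function names are hypothetical.

```python
import re

# Assumed record layout, from the debug lines in this thread:
#   [YYYY/MM/DD HH:MM:SS] [level] [component] message
RECORD_START = re.compile(r"(?=\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\] \[)")
LINE_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\] \[\s*(\w+)\] \[([^\]]+)\] (.*)",
    re.DOTALL,
)
PROVIDER_RE = re.compile(r"Requesting credentials from the (\w+) provider")
STATUS_RE = re.compile(r"(\S+): http_do=(-?\d+), HTTP Status: (\d+)")

# Sample input built from lines quoted in the thread, joined on shared
# lines the same way the pasted output was.
SAMPLE = (
    "[2024/05/26 20:19:48] [debug] [aws_credentials] Requesting credentials from the STS provider.. "
    "[2024/05/26 20:19:48] [debug] [aws_credentials] Calling STS.. "
    "[2024/05/26 20:19:48] [debug] [aws_credentials] Requesting credentials from the EKS provider..\n"
    "[2024/05/26 20:19:48] [debug] [aws_client] sts.us-east-2.amazonaws.com: http_do=0, HTTP Status: 403 "
    "[2024/05/26 20:19:48] [debug] [aws_client] Unable to parse API response- response is not valid JSON.\n"
)


def records(text):
    """Yield (timestamp, level, component, message), even when several
    records were pasted onto one physical line."""
    for chunk in RECORD_START.split(text):
        m = LINE_RE.match(chunk.strip())
        if m:
            yield m.groups()


def triage(text):
    """Summarise the credential providers requested and the AWS calls
    that came back with an HTTP status of 400 or above."""
    providers, failures = [], []
    for ts, _level, component, msg in records(text):
        p = PROVIDER_RE.search(msg)
        if component == "aws_credentials" and p:
            providers.append(p.group(1))
        s = STATUS_RE.match(msg)
        if component == "aws_client" and s and int(s.group(3)) >= 400:
            failures.append((ts, s.group(1), int(s.group(3))))
    return {"providers": providers, "failures": failures}


if __name__ == "__main__":
    print(triage(SAMPLE))
```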
Use latest or latest stable version
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.
This issue was closed because it has been stalled for 5 days with no activity.
I am unable to assume a role all of a sudden from my daemonset/EKS application. The fluentbit application is trying to assume a role in a different account so it can write the logs to a bucket there. I am seeing this error recently without knowing what changed to cause this error. I appreciate any feedback on this.
fluentBitChartVersion=0.46.7
fluentBitImageRepo=fluent/fluent-bit
fluentBitImageTag=2.2.0
fluentBitChartName=fluent-bit
My output:
The error from logs with debug on: