search

helm / chartmuseum

helm chart repository server
https://chartmuseum.com
Apache License 2.0
3.52k stars 396 forks source link

Support for AWS EKS Pod Identities. #764

Closed wesleyorama2 closed 2 months ago

wesleyorama2 commented 2 months ago

Hey I looked around and haven't seen this issue yet so I thought I would open it up.

We are using AWS EKS Pod Identities for pod to AWS creds and such. This is working great for several charts but it doesn't appear that ChartMuseum supports it.

Here is the pod log when attempting to use Pod Identities:

{"L":"ERROR","T":"2024-04-26T00:07:28.161Z","M":"NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors","repo":""}
2024/04/26 00:07:28 NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2024/04/26 00:07:28 Ignoring, HTTP credential provider invalid endpoint host, "169.254.170.23", only loopback hosts are allowed. <nil>

This is setup correctly for pod identities as the ENV vars have been injected correctly into the pod:

AWS_CONTAINER_CREDENTIALS_FULL_URI:      http://169.254.170.23/v1/credentials                                                                                                                                 
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE:  /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token
scbizu commented 2 months ago

It seems that our aws sdk version do not support EKS Pod Identities , I will try to bump it .

wesleyorama2 commented 2 months ago

Closing since PR has been merged. Will open new issue should further issues arise.

scbizu commented 2 months ago

hey @wesleyorama2 , you can try our new canary image if possible.