shalb / cluster.dev

Cloud-native infrastructure templating. Creating cloud installers for SaaS. Replication of complex cloud-native infrastructures.
https://docs.cluster.dev/
GNU Affero General Public License v3.0

DO access via env variables does not work #220

Closed gelo22 closed 4 months ago

gelo22 commented 1 year ago

Problem: When DO access is configured via the env variables SPACES_SECRET_KEY and SPACES_ACCESS_TOKEN, I see this error:

14:16:49 [DEBUG] Registering unit type: shell
14:16:49 [DEBUG] Registering unit type: k8s-manifest
14:16:49 [DEBUG] Registering unit type: helm
14:16:49 [DEBUG] Registering unit type: kubernetes
14:16:49 [DEBUG] Registering unit type: tfmodule
14:16:49 [DEBUG] Registering unit type: printer
14:16:49 [DEBUG] Creates code directory: './.cluster.dev/cache'
14:16:49 [FATAL] Fatal error: apply: reading backend: s3 configuration diagnostics returns errors:

Summary: No valid credential sources found
Details: Please see 
for more information about providing credentials.

Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, access disabled to EC2 IMDS via client option, or "AWS_EC2_METADATA_DISABLED" environment variable

Configuration via yaml works as expected:

  access_key: "<SPACES_SECRET_KEY>"
  secret_key: "<SPACES_ACCESS_TOKEN>"

Source:

  access_key: "<SPACES_SECRET_KEY>" # Optional, it's better to use environment variable 'export SPACES_SECRET_KEY="key"'
  secret_key: "<SPACES_ACCESS_TOKEN>" # Optional, it's better to use environment variable 'export SPACES_ACCESS_TOKEN="token"'

https://github.com/shalb/cluster.dev/blob/master/docs/structure-backend.md#digital-ocean-spaces-and-minio
https://docs.cluster.dev/examples-do-k8s/

Cluster.dev Version: cdev version v0.7.20 build timestamp: 2023-09-17T09:53:44+0000

Cluster.dev Config: Any with DO backend

name: do-backend
kind: Backend
provider: s3
spec:
  bucket: my-cdev-state
  region: main
  endpoint: "https://fra1.digitaloceanspaces.com"
  skip_credentials_validation: true
  skip_region_validation: true
  skip_metadata_api_check: true

romanprog commented 4 months ago

@gelo22 You can use templating for this:

  access_key: {{ reqEnv "SPACES_SECRET_KEY" }}
  secret_key: {{ reqEnv "SPACES_ACCESS_TOKEN" }}

Terraform does not support a DO backend, only classic s3, so DigitalOcean env vars are not supported for the state backend. On the other hand, for working with DO resources, these vars should work.
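
An added example, not part of the thread and not cluster.dev's own code: a pre-commit style check that flags `access_key` / `secret_key` entries written as literal values in a backend YAML instead of being read from the environment with `reqEnv`, as suggested above. The function names, the sample config and the key value in it are constructed for illustration.

```python
import re

# Credential keys of the s3 backend spec shown in this issue.
CRED_LINE = re.compile(r'^\s*(access_key|secret_key)\s*:\s*(.*)$')
# Value read from the environment via templating: {{ reqEnv "NAME" }},
# optionally wrapped in quotes.
FROM_ENV = re.compile(r'''^["']?\{\{-?\s*reqEnv\s+"\w+"\s*-?\}\}["']?$''')


def strip_comment(value):
    """Drop a trailing YAML comment that sits outside quotes."""
    quote = None
    for i, ch in enumerate(value):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "#" and (i == 0 or value[i - 1].isspace()):
            return value[:i].strip()
    return value.strip()


def find_literal_credentials(text):
    """Return (line_number, key) for credentials not sourced via reqEnv."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = CRED_LINE.match(line)
        if m:
            value = strip_comment(m.group(2))
            if value and not FROM_ENV.match(value):
                findings.append((lineno, m.group(1)))
    return findings


# Constructed sample config; the key value is made up.
SAMPLE = '''\
name: do-backend
kind: Backend
provider: s3
spec:
  bucket: my-cdev-state
  endpoint: "https://fra1.digitaloceanspaces.com"
  access_key: "DO00EXAMPLEKEY"  # literal, would be committed
  secret_key: {{ reqEnv "SPACES_ACCESS_TOKEN" }}
'''

if __name__ == "__main__":
    for lineno, key in find_literal_credentials(SAMPLE):
        print(f"line {lineno}: {key} is a literal value, use reqEnv")
```

The check is line-based rather than YAML-based because the config is a template before it is YAML, so an unquoted `{{ ... }}` value would not pass a strict YAML parser.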