search

vmware / vmware-go-kcl-v2

vmware-go-kcl is a vmware originated open-source project for AWS Kinesis Client Library in Go. It has been widely used by many external companies and internally by Carbon Black. vmware-go-kcl-v2 is its companion project by utilizing AWS Go SDK V2 which introduces lots of breaking changes. To keep the repo clean, it is better to have a separated repo vmware-go-kcl-v2 with better golang project structure improvement.
MIT License
23 stars 17 forks source link

Kinesis API's giving 404 while intializing worker from k8 pods using IRCA auth mechanism. #4

Open kashyap2108 opened 2 years ago

kashyap2108 commented 2 years ago

Describe the bug

Inside worker.intialize()method when this method is called 

streamDescription, err := w.kc.DescribeStream(context.TODO(), &kinesis.DescribeStreamInput{
        StreamName: &w.kclConfig.StreamName,
    })

We are Getting the following error while running from k8 pod. failed to sign request: failed to retrieve credentials: failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 404

while running the worker from EC2 instance it's working fine. we are using IRSA method for auth. mechanism from k8 pod.

Kinesis DescribeStream and ListShards Api's are failing and giving above error.

Reproduction steps

1.Try to run the worker from k8 pod which uses IRSA auth. mechanism.
...

Expected behavior

It should be able to use the Kinesis Stream APi's without any error.

Additional context

No response

kashyap2108 commented 2 years ago

@liuqi @matt-royal @aramprice

taoj-action commented 2 years ago

@kashyap2108 Are you using IRSA? It shouldn't be too hard to login to the pod and run AWS CLI for Kinesis to figure it out. Most likely, it is a configuration issue.

"Before starting the setup, check your EKS cluster version. IRSA is available on Amazon EKS versions 1.14 or later. To use this feature, you need to update your existing cluster to version 1.14 or later."