Enable support for aws eks rbac and aws iam msk #287
What are the differences with respect to this other PR to address the same target, #275? Have you pushed the Docker image of your forked project to Docker Hub? |
Using your PR, I get
any idea? |
@fabioformosa We need to specify a semicolon at the end of the |
This MR aims to use the role scoped to a service account for a pod in an EKS cluster if such a role exists. #275 by default would use the role assigned to an EC2 instance. |
@creed123 Do you mean maybe Yes, I've tried. It solves but now I get:
My EKS automatically created an IAM Role; I gave fullAdminAccess to this Role to try to solve it. Same error. In your view, what can be the cause? |
@fabioformosa Can you check if the role attached to your EC2 instance has the correct permissions? |
In case it helps, I verified this works from OpenShift (Kubernetes) cluster using IRSA (https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). The only additional change I had to make was to provide
|
gentle ping |
Gentle ping X2 |
gentle ping x3 |
I will be happy to merge this PR, but someone needs to resolve the conflicts and review it. |
I'm happy to help out with the conflicts, but I guess I need to become a contributor over here. |
@mfinger-incontact |
@mfinger-incontact gentle ping |
This pull request aims to:
https://docs.amazonaws.cn/en_us/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
https://aws.amazon.com/blogs/big-data/securing-apache-kafka-is-easy-and-familiar-with-iam-access-control-for-amazon-msk/
Additional environment variables need to be specified:
--KAFKA_IAM_ENABLED=true
--KAFKA_SASL_MECHANISM=AWS_MSK_IAM
--KAFKA_SECURITY_PROTOCOL=SASL_SSL
--KAFKA_JAAS_CONFIG='software.amazon.msk.auth.iam.IAMLoginModule;'
--KAFKA_IS_SECURED=true
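
A pre-flight check for the variables listed above, as an added example that is not part of this pull request or the project's code. The function names `check_msk_iam_env` and `credential_source` are hypothetical, and the second function assumes the Kafka client resolves credentials through the AWS SDK default provider chain, with `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` being the variables EKS injects into pods that use IAM roles for service accounts.

```shell
#!/bin/sh
# Added example (not from the PR): sanity-check the variables from the PR
# description before starting the container. Function names are hypothetical.

# Returns 0 when the MSK IAM settings are mutually consistent, 1 otherwise.
check_msk_iam_env() {
    rc=0
    [ "${KAFKA_IAM_ENABLED:-}" = "true" ] ||
        { echo "FAIL: KAFKA_IAM_ENABLED must be true"; rc=1; }
    [ "${KAFKA_IS_SECURED:-}" = "true" ] ||
        { echo "FAIL: KAFKA_IS_SECURED must be true"; rc=1; }
    [ "${KAFKA_SASL_MECHANISM:-}" = "AWS_MSK_IAM" ] ||
        { echo "FAIL: KAFKA_SASL_MECHANISM must be AWS_MSK_IAM"; rc=1; }
    # MSK IAM access control is only offered over TLS.
    [ "${KAFKA_SECURITY_PROTOCOL:-}" = "SASL_SSL" ] ||
        { echo "FAIL: KAFKA_SECURITY_PROTOCOL must be SASL_SSL"; rc=1; }
    # A JAAS entry is terminated by a semicolon; without it the entry does not parse.
    case "${KAFKA_JAAS_CONFIG:-}" in
        software.amazon.msk.auth.iam.IAMLoginModule*";") ;;
        *) echo "FAIL: KAFKA_JAAS_CONFIG must name IAMLoginModule and end with ';'"
           rc=1 ;;
    esac
    return "$rc"
}

# Reports which identity the SDK default chain would try first
# (assumption: the Kafka client uses that default chain).
credential_source() {
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
        echo "static-keys"      # environment keys are tried before web identity
    elif [ -n "${AWS_ROLE_ARN:-}" ] && [ -r "${AWS_WEB_IDENTITY_TOKEN_FILE:-}" ]; then
        echo "irsa"             # role scoped to the pod's service account
    else
        echo "node-or-other"    # e.g. the role assigned to the EC2 instance
    fi
}

check_msk_iam_env && echo "OK: MSK IAM settings are consistent"
echo "credential source: $(credential_source)"
```

Run inside the pod, a result of `node-or-other` means the service account role is not being picked up and the permissions in effect are those of whatever identity comes later in the chain.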