arjun180 opened a new issue #1263:
URL: https://github.com/apache/camel-kafka-connector/issues/1263
I have an AWS S3 source connector with the following configuration:
```
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaConnector
metadata:
  name: source-connector
  namespace: my-namespace
  labels:
    strimzi.io/cluster: my-connect-cluster
spec:
  class: org.apache.camel.kafkaconnector.aws2s3.CamelAws2s3SourceConnector
  serviceAccountName: my-kafka-sa
  tasksMax: 1
  config:
    topics: my-source-topic
    camel.source.path.bucketNameOrArn: my-kafka-connect
    camel.component.aws2-s3.useDefaultCredentialsProvider: true
    camel.component.aws2-s3.moveAfterRead: false
    camel.source.endpoint.region: xxxxxx
    camel.component.aws2-s3.deleteAfterRead: true
```
We are trying to get all the pods in our Kafka ecosystem to use a specific
web identity token file based on a custom IAM role. The idea is to add IAM
credentials to each of the CRDs deployed by the operator in EKS (in this case,
it's Kafka Connect). I do realize that
`camel.component.aws2-s3.useDefaultCredentialsProvider: true` has the connector
use the default EKS node role, but we'd want it to use the `serviceAccountName:
my-kafka-sa`. We did configure the above but got the following error when
trying to run a `kubectl describe kafkaconnector`:
```
Caused by: software.amazon.awssdk.core.exception.SdkClientException: Unable
to load credentials from any of the providers in the chain
AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(),
EnvironmentVariableCredentialsProvider(),
WebIdentityTokenCredentialsProvider(), ProfileCredentialsProvider(),
ContainerCredentialsProvider(), InstanceProfileCredentialsProvider()]) :
[SystemPropertyCredentialsProvider(): Unable to load credentials from system
settings. Access key must be specified either via environment variable
(AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).,
EnvironmentVariableCredentialsProvider(): Unable to load credentials from
system settings. Access key must be specified either via environment variable
(AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).,
WebIdentityTokenCredentialsProvider(): To use web identity tokens, the 'sts'
service module must be on the class path., ProfileCredentialsProvider():
Profile file contained no credentials for profile 'default': ProfileFile(profiles=[]),
ContainerCredentialsProvider(): Cannot fetch credentials from container -
neither AWS_CONTAINER_CREDENTIALS_FULL_URI or
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set.,
InstanceProfileCredentialsProvider(): Unable to load credentials from service
endpoint.]
at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:98)
at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:112)
at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45)
at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:104)
at software.amazon.awssdk.awscore.client.handler.AwsClientHandlerUtils.createExecutionContext(AwsClientHandlerUtils.java:79)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.createExecutionContext(AwsSyncClientHandler.java:68)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:97)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:167)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:94)
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:55)
at software.amazon.awssdk.services.s3.DefaultS3Client.headBucket(DefaultS3Client.java:4861)
at org.apache.camel.component.aws2.s3.AWS2S3Endpoint.doStart(AWS2S3Endpoint.java:98)
at org.apache.camel.support.service.BaseService.start(BaseService.java:115)
at org.apache.camel.support.service.ServiceHelper.startService(ServiceHelper.java:113)
at org.apache.camel.impl.engine.RouteService.doWarmUp(RouteService.java:186)
at org.apache.camel.impl.engine.RouteService.warmUp(RouteService.java:121)
```
We checked the Kafka Connect resource:
```
AWS_DEFAULT_REGION=<region>
AWS_WEB_IDENTITY_TOKEN_FILE=/eks.amazonaws.com/serviceaccount/token
AWS_REGION=<region>
AWS_ROLE_ARN=arn:aws:iam::xxxxxxxxxxxx:role/my-kafka-sa
```
How could we get the connectors to use the specified IAM credentials instead
of the default EKS node role?
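Added example, not part of the original issue and not code from the camel-kafka-connector project: a small triage helper that splits the `AwsCredentialsProviderChain` error quoted above into per-provider reasons and reports the providers whose environment inputs were present but which still failed. The names `PREREQS`, `parse_chain_error` and `configured_but_failed` are hypothetical, and the sample message and environment are constructed from the values shown in the issue.

```python
import re

# Environment inputs read by the env-driven providers in the SDK v2 default chain.
# Each provider lists alternative key sets; one complete set means "configured".
PREREQS = {
    "EnvironmentVariableCredentialsProvider": [("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")],
    "WebIdentityTokenCredentialsProvider": [("AWS_WEB_IDENTITY_TOKEN_FILE", "AWS_ROLE_ARN")],
    "ContainerCredentialsProvider": [("AWS_CONTAINER_CREDENTIALS_FULL_URI",),
                                     ("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",)],
}
# One "Name(): reason" entry, ending at the next entry or the closing bracket.
ENTRY = re.compile(r"(\w+CredentialsProvider)\(\): (.*?)(?=, \w+CredentialsProvider\(\):|\]$)")

# Constructed sample: the chain error from the issue, without the stack frames.
SAMPLE_ERROR = """Unable to load credentials from any of the providers in the chain
AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(),
EnvironmentVariableCredentialsProvider(), WebIdentityTokenCredentialsProvider(),
ProfileCredentialsProvider(), ContainerCredentialsProvider(),
InstanceProfileCredentialsProvider()]) : [SystemPropertyCredentialsProvider(): Unable to
load credentials from system settings. Access key must be specified either via environment
variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId).,
EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings.
Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system
property (aws.accessKeyId)., WebIdentityTokenCredentialsProvider(): To use web identity
tokens, the 'sts' service module must be on the class path., ProfileCredentialsProvider():
Profile file contained no credentials for profile 'default': ProfileFile(profiles=[]),
ContainerCredentialsProvider(): Cannot fetch credentials from container - neither
AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment
variables are set., InstanceProfileCredentialsProvider(): Unable to load credentials from
service endpoint.]"""
# Constructed sample: the IRSA variables the issue reports on the Connect pod.
SAMPLE_ENV = {"AWS_WEB_IDENTITY_TOKEN_FILE": "/eks.amazonaws.com/serviceaccount/token",
              "AWS_ROLE_ARN": "arn:aws:iam::xxxxxxxxxxxx:role/my-kafka-sa"}

def parse_chain_error(message):
    """Map each provider named in the chain error to the reason it gave."""
    flat = " ".join(message.split())  # undo mail/terminal line wrapping
    return dict(ENTRY.findall(flat))

def configured_but_failed(message, env):
    """Providers whose inputs are present in env yet still failed, with their reason."""
    reasons = parse_chain_error(message)
    hits = []
    for provider, alternatives in PREREQS.items():
        ready = any(all(env.get(key) for key in keys) for keys in alternatives)
        if ready and provider in reasons:
            hits.append((provider, reasons[provider]))
    return hits

if __name__ == "__main__":
    for provider, reason in configured_but_failed(SAMPLE_ERROR, SAMPLE_ENV):
        print(f"{provider}: {reason}")
```

On the sample it reports only `WebIdentityTokenCredentialsProvider`, the provider that matches the service-account variables, together with the reason the SDK gave for skipping it.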