If you are setting the config options in flink-conf.yaml, then you could directly add the following example. *kubernetes.jobmanager.annotations: iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX <http://iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX>'*
However, if you are using the dynamic properties in the CLI. Then the configuration value should also be wrapped with a double quote. It just because we need to escape the value with single quote. *-Dkubernetes.jobmanager.annotations="iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX <http://iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX>'"* It seems that IAM is not a common feature in Kubernetes. But from the documentation of AWS[1], I think it could be specified via service account[2]. Hope this helps. [1]. https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html [2]. https://ci.apache.org/projects/flink/flink-docs-master/deployment/resource-providers/native_kubernetes.html#rbac Best, Yang Kevin Kwon <fsw0...@gmail.com> 于2021年2月8日周一 下午11:58写道: > I think it will be more generic question of how I inject IAM roles in > Native Kubernetes pods > > I'm using Kubeiam and seems the namespace annotation doesn't work > > On Mon, Feb 8, 2021 at 2:30 PM Kevin Kwon <fsw0...@gmail.com> wrote: > >> Hi team, I'm using Native Kubernetes annotation config >> >> >> *kubernetes.jobmanager.annotations* >> >> and I'm facing some problem with parsing. >> >> I use annotation >> >> >> *iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX >> <http://iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX>'* >> >> but seems no matter what I do, the colon is getting parsed for key, >> value. can anyone help? >> >
