AWS_EC2_ENDPOINT overrides the STS endpoint and breaks IRSA #1122
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Looks like we should be implementing a resolver so that the endpoint is set to AWS_EC2_ENDPOINT iff service is EC2 as documented under https://docs.aws.amazon.com/sdk-for-go/api/aws/endpoints/ "Using Custom Endpoints". In that example they set the endpoint to s3.custom.endpoint.com iff service is S3.
/kind bug
What happened?
kOps is adding support for IPv6 clusters and the EBS CSI driver requires access to the new EC2 dual-stack endpoints.
Setting AWS_EC2_ENDPOINT=https://api.ec2.us-east-1.aws overrides the EC2 endpoint but also affects the STS endpoint and breaks IRSA.
What you expected to happen?
I expect setting AWS_EC2_ENDPOINT=https://api.ec2.us-east-1.aws to not affect STS.
How to reproduce it (as minimally and precisely as possible)?
--aws-sdk-debug-log
).
AWS_EC2_ENDPOINT=https://api.ec2.{{ Region }}.aws as env var to the ebs-plugin container.
Anything else we need to know?:
This should be partially addressed by #1120 by using AWS_USE_DUALSTACK_ENDPOINT=true instead.
Though anyone using custom endpoints would still be affected, like it was initially intended in #369.
Environment
kubectl version
): 1.22.4
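The difference between the reported behaviour and the per-service resolver suggested in the comments, as an added example that is not the driver's or the AWS SDK's code. The `Resolver` type and the function names are hypothetical stand-ins for the SDK's resolver hook, and the default endpoint format is simplified.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
)

// Resolver maps a service ID and region to an endpoint URL (local stand-in, not an SDK type).
type Resolver func(service, region string) (string, error)

// defaultResolver builds the standard regional endpoint (simplified assumption).
func defaultResolver(service, region string) (string, error) {
	return fmt.Sprintf("https://%s.%s.amazonaws.com", service, region), nil
}

// globalOverride reproduces the report: every service, STS included, gets the EC2 endpoint.
func globalOverride(endpoint string) Resolver {
	return func(service, region string) (string, error) {
		return endpoint, nil
	}
}

// scopedOverride applies the override iff the service is EC2; all else uses the fallback.
func scopedOverride(endpoint string, fallback Resolver) (Resolver, error) {
	if endpoint == "" {
		return fallback, nil // nothing configured: default resolution for all services
	}
	u, err := url.Parse(endpoint)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return nil, fmt.Errorf("AWS_EC2_ENDPOINT is not an absolute URL: %q", endpoint)
	}
	return func(service, region string) (string, error) {
		if service == "ec2" {
			return endpoint, nil
		}
		return fallback(service, region)
	}, nil
}

func main() {
	r, err := scopedOverride(os.Getenv("AWS_EC2_ENDPOINT"), defaultResolver)
	if err != nil {
		panic(err)
	}
	for _, svc := range []string{"ec2", "sts"} {
		ep, _ := r(svc, "us-east-1")
		fmt.Println(svc, "->", ep)
	}
}
```

With the scoped resolver, the web identity token exchange that IRSA relies on still goes to the STS endpoint while EC2 calls use the dual-stack or custom host.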