-
Notifications
You must be signed in to change notification settings - Fork 437
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[fluent-bit] Unable to authenticate Opensearch with custom IAM role in EKS 1.24 #383
Comments
Hi @bogdandisc have You resolved the issue? I found in Fluentbit Docuemtnation the parameter AWS_Auth - but I use helm chart and to be honest I don't know how to use this parameter in my case...
Do You have any suggestions/ideas? Thanks |
have you given necessary wite grants on opensearch side? you have to map your role with necessary permission |
Environment:
I am trying to deploy fluent-bit using the standard helm chart:
Have tried to create a new service account via the helm chart:
And also tried to create a new service account and attach it in the values.yaml file.
In both cases I can see the service account getting attached to the fluent-bit pods and the trust policy working. There's no reason that the IRSA token is not used by the fluent-bit role.
I am also aware that in 1.24 secrets are not created automatically, so I am creating one in terraform and attaching it to the service account:
However the fluent-bit pods are not authenticating using the
fluent-bit
service account and are using the worker node IAM role instead:The text was updated successfully, but these errors were encountered: