Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updating documentation on how to setup IRSA on AWS
I tried configuring my Argo-Server to use s3 as an artifact repository, and then archive all logs automatically, and it worked fine. But then when I wanted to load those logs in the Argo-Server UI using the link `https://<arg_server_host>/artifacts/argo/<workflow_name>/<pod_name>/main-logs` I got the following error: ``` failed to create new S3 client: WebIdentityErr: failed fetching WebIdentity token: caused by: WebIdentityErr: unable to read file at /var/run/secrets/eks.amazonaws.com/serviceaccount/token caused by: open /var/run/secrets/eks.amazonaws.com/serviceaccount/token: permission denied ``` Reading through similar issues here: kubernetes-sigs/external-dns#1185 I found out that IRSA requires this setting on the Deployment: `spec.template.spec.securityContext.fsGroup: 65534` to fix the above issue. I thought it would be helpful to others to find information how to deal with it here, rather than search for the answers if they hit this problem. Signed-off-by: Dominik Deren <[email protected]>
- Loading branch information