Spring Boot: Spring Config Server unable to fetch properties from CodeCommit

Tags: spring-boot, kubernetes, amazon-iam, aws-codecommit, spring-cloud-config-server

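I have run into a problem using a Kubernetes service account to grant Spring Config Server access to a CodeCommit repository.

When AWSCodeCommitReadOnly is granted to the EKS cluster.worker-node role, the config server is able to fetch properties successfully, but replicating this with a service account causes the config server to throw the following error:

Cannot clone or checkout repository: https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/config-server-properties

A separate IAM role has been created with the CodeCommit policy, to be attached to the service account with the annotation:

Annotations:         eks.amazonaws.com/role-arn: arn:aws:iam::accountnum:role/test-pod-iam-permissions

The IAM role has the EKS cluster as its trusted entity, with the following condition:

system:serviceaccount:namespace:test-pod-iam-permissions

We have also created a clusterrole that should have access to all verbs/resources: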

Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources  Non-Resource URLs  Resource Names  Verbs
  ---------  -----------------  --------------  -----
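  *          []                 []              [*]

Is it possible that a separate serviceaccount is overriding the permissions we are trying to grant here? We have updated the config server pom to use 1.11.623 for aws-java-sdk-core and added aws-java-sdk-sts.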

Name:         iam-permissions-binding
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  iam-permissions
Subjects:
  Kind            Name                      Namespace
  ----            ----                      ---------
  ServiceAccount  test-pod-iam-permissions  namespace

$ kubectl exec -n namespace config-service-pod env | grep AWS
AWS_DEFAULT_REGION=eu-west-1
AWS_ROLE_ARN=arn:aws:iam::accountnum:role/test-pod-iam-permissions
AWS_REGION=eu-west-1
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
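
Added example (not part of the original question): one check for the setup described above is to compare the claims in the pod's projected token, the file named by AWS_WEB_IDENTITY_TOKEN_FILE, with the role's trust policy, since STS only accepts the token when the issuer, `sub` and `aud` line up. The issuer ID `EXAMPLEID`, the sample policy and token, and all function names are constructed for illustration; the policy follows the usual shape of a service-account trust policy.

```python
import base64, fnmatch, json

def jwt_claims(token):
    """Decode the payload of a projected service account token (no signature check)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def as_list(value):
    return value if isinstance(value, list) else [value]

def trust_mismatches(trust_policy, claims):
    """Return [] if some statement admits the token, else the reasons none does."""
    issuer = claims["iss"].split("://", 1)[-1]
    have = {issuer + ":sub": [claims["sub"]], issuer + ":aud": as_list(claims["aud"])}
    # IAM StringLike uses * and ? wildcards; fnmatch is a close stand-in for them.
    operators = {"StringEquals": lambda v, p: v == p, "StringLike": fnmatch.fnmatchcase}
    reasons = []
    for i, stmt in enumerate(as_list(trust_policy["Statement"])):
        found = []
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            found.append("does not allow sts:AssumeRoleWithWebIdentity")
        federated = as_list(stmt.get("Principal", {}).get("Federated", []))
        if not any(arn.endswith(":oidc-provider/" + issuer) for arn in federated):
            found.append("Federated principal is not the token issuer " + issuer)
        for op, match in operators.items():
            for key, wanted in stmt.get("Condition", {}).get(op, {}).items():
                values = have.get(key)
                if values is None:
                    found.append(f"condition key {key} is not {issuer}:sub or :aud")
                elif not any(match(v, p) for v in values for p in as_list(wanted)):
                    found.append(f"{key} is {values}, policy wants {as_list(wanted)}")
        if not found:
            return []
        reasons += [f"statement {i}: {r}" for r in found]
    return reasons

# Constructed sample data: the issuer ID is a placeholder, names are those in the question.
ISSUER = "oidc.eks.eu-west-1.amazonaws.com/id/EXAMPLEID"
TRUST_POLICY = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": "arn:aws:iam::accountnum:oidc-provider/" + ISSUER},
    "Condition": {"StringEquals": {
        ISSUER + ":sub": "system:serviceaccount:namespace:test-pod-iam-permissions"}}}]}

def sample_token(sub):  # unsigned, constructed token with the claims a pod token carries
    claims = {"iss": "https://" + ISSUER, "aud": ["sts.amazonaws.com"], "sub": sub}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return "e30." + body + ".sig"
```

Against a real pod, pass the contents of the token file and the role's trust policy document instead of the constructed samples; an empty list means the trust policy admits the token, so the failure lies elsewhere.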