(DEPRECATED) Apache Flink User Mailing List archive.

Re: Native Kubernetes annotation parsing problem

Posted by Yang Wang on
URL: http://deprecated-apache-flink-user-mailing-list-archive.369.s1.nabble.com/Native-Kubernetes-annotation-parsing-problem-tp41345p41361.html

If you are setting the config options in flink-conf.yaml, then you could directly add the following example.

kubernetes.jobmanager.annotations: iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX'

However, if you are using the dynamic properties in the CLI. Then the configuration value should also

be wrapped with a double quote. It just because we need to escape the value with single quote.

-Dkubernetes.jobmanager.annotations="iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX'"

It seems that IAM is not a common feature in Kubernetes. But from the documentation of AWS[1],

I think it could be specified via service account[2]. Hope this helps.

[1]. https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html

[2]. https://ci.apache.org/projects/flink/flink-docs-master/deployment/resource-providers/native_kubernetes.html#rbac

Best,

Yang

Kevin Kwon <[hidden email]> 于2021年2月8日周一下午11:58写道：

I think it will be more generic question of how I inject IAM roles in Native Kubernetes pods

I'm using Kubeiam and seems the namespace annotation doesn't work

On Mon, Feb 8, 2021 at 2:30 PM Kevin Kwon <[hidden email]> wrote:
Hi team, I'm using Native Kubernetes annotation config

kubernetes.jobmanager.annotations

and I'm facing some problem with parsing.

I use annotation

iam.amazonaws.com/role:'arn:aws:iam::XXXXXXXX:role/XX/XXXX'

but seems no matter what I do, the colon is getting parsed for key, value. can anyone help?