/chart - singleuser.extraAnnotations doesn't work role with aws

Gustavo_Ciria · June 25, 2021, 12:40pm

Bug description

I can’t connect to my s3 bucket using my role in extraAnnotations.

Example:

  events: true
  extraAnnotations:
    iam.amazonaws.com/role: my-role
  extraLabels:
    hub.jupyter.org/network-access-hub: "true"

The annotation is created in the pod, but through the terminal, I can’t list my buckets.

Previous versions worked. Latest version does not work either.

If I upload a POD with any image manually using this annotation, I have access to AWS without credentials using my role. Only with chart does not work.

Expected behaviour

When adding role, it should be possible to connect to aws using awscli in notebook.

Actual behaviour

Prompts for credentials and no communication with kube2iam takes place.

Unable to locate credentials. You can configure credentials by running "aws configure".

How to reproduce

Add role in singleuser notes and try to access AWS.

Your personal set up

EKS 1.17
HELM 3
CHART 0.11.1
APP 1.3.0
kube2iam

manics · June 25, 2021, 6:31pm

Hi! Could you show us your full Z2JH configuration, with secrets redacted?

Gustavo_Ciria · June 25, 2021, 6:57pm

Hi guys!
I just found the solution.

It is necessary to disable singleuser.cloudMetadata (false)
That way singleuser annotations can communicate with AWS, and my aws s3 ls worked

Thanks for listening

Topic		Replies	Views
singleuser.extraFiles not working BinderHub	3	749	March 26, 2021
Cannot acess metadata server from singleUser pods JupyterHub jupyterhub , help-wanted	4	685	November 17, 2022
Jupyterhub singleuser extra annotations templating Zero to JupyterHub on Kubernetes	1	65	March 20, 2024
JupyterHub (v0.8.2) Github Authorization not working JupyterHub	4	378	October 14, 2019
extraPodConfig values do not get set Zero to JupyterHub on Kubernetes jupyterhub , how-to , help-wanted	9	692	April 17, 2023