litestream icon indicating copy to clipboard operation
litestream copied to clipboard
verified publisher icon benbjohnson

Support for EKS Pod Identity

Open waldher opened this issue 1 year ago • 4 comments

When trying to use the EKS Pod Identity feature from AWS, we see the following error:

2024/11/19 08:06:14 Ignoring, HTTP credential provider invalid endpoint host, "169.254.170.23", only loopback hosts are allowed. <nil>
2024/11/19 08:06:14 ERROR failed to run error="cannot fetch generations: cannot lookup bucket region: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

This is due to the fact that according to AWS documentation, this is only supported as of the aws-go-sdk v1.47.11. However, Litestream v0.3.13 uses v1.44.318. Thankfully, this was already patched in the main branch in #475, so all we would need to do is release a new version. No code changes are necessary.

Could we tag a new version off of the main branch, and push a new docker image to https://hub.docker.com/r/litestream/litestream ?

waldher avatar Nov 19 '24 09:11 waldher

@waldher would you be keen to you try ghcr.io/sylr/litestream:v0.3.13-32-ga91dbd7 which builds https://github.com/sylr/litestream/commit/a91dbd712dbcf6b302834a447467183f660e9d84 which uses aws-sdk-go-v2.

I have it working but I'm not using EKS Pod Identity but IRSA.

[!WARNING] There is a PR open but the test suite has not been ran yet (See: #622). Use it at your own risks.

sylr avatar Dec 15 '24 15:12 sylr

@sylr Thanks for providing a test image. Unfortunately, it didn't work as simply as I had hoped, as I got the following error:

2024/12/24 14:41:29 INFO restoring snapshot replica=s3 generation=048f03638203d35c index=1 path=/opt/app/data/data.db.tmp
panic: errors: target must be a non-nil pointer

goroutine 1 [running]:
errors.As({0x1560260?, 0x40004243c0?}, {0x1261e00?, 0x0?})
	/usr/local/go/src/errors/wrap.go:108 +0x1d4
github.com/benbjohnson/litestream/s3.isNotExists(...)
	/src/litestream/s3/replica_client.go:770
github.com/benbjohnson/litestream/s3.(*ReplicaClient).SnapshotReader(0x400038e800, {0x15713d0, 0x1e5f1a0}, {0x400041c314, 0x10}, 0x1)
	/src/litestream/s3/replica_client.go:291 +0x1c8
github.com/benbjohnson/litestream.(*Replica).restoreSnapshot(0x40002c60f0, {0x15713d0, 0x1e5f1a0}, {0x400041c314, 0x10}, 0x1, {0x4000045140, 0x19})
	/src/litestream/replica.go:1355 +0x114
github.com/benbjohnson/litestream.(*Replica).Restore(0x40002c60f0, {0x15713d0, 0x1e5f1a0}, {{0xffffe0b236ab, 0x15}, {0x0, 0x0}, {0x400041c314, 0x10}, 0x7fffffff, ...})
	/src/litestream/replica.go:1117 +0x83c
main.(*RestoreCommand).Run(0x1e5f1a0, {0x15713d0, 0x1e5f1a0}, {0x40001001a0, 0x4, 0x4})
	/src/litestream/cmd/litestream/restore.go:83 +0x6f8
main.(*Main).Run(0x40000021c0?, {0x15713d0, 0x1e5f1a0}, {0x4000100190, 0x5, 0x5})
	/src/litestream/cmd/litestream/main.go:120 +0x120
main.main()
	/src/litestream/cmd/litestream/main.go:40 +0x70

waldher avatar Dec 24 '24 14:12 waldher

Ok, I found the problem, could you try ~~ghcr.io/sylr/litestream:v0.3.13-32-ga4217ec@sha256 (build of https://github.com/sylr/litestream/commit/a4217ec24aac50494adc6a18c2bcd3d44f57ad22)~~?

EDIT: I found another issue that should be fixed in ghcr.io/sylr/litestream:v0.3.13-32-ge7b7cdb

sylr avatar Dec 24 '24 15:12 sylr

@sylr I've confirmed that ghcr.io/sylr/litestream:v0.3.13-32-ge7b7cdb works with EKS Pod Identity

waldher avatar Jan 28 '25 15:01 waldher

This issue has been inactive for 90 days and will be automatically closed in 30 days if there is no further activity. If this issue is still relevant, please add a comment to keep it open. Thank you for your contribution!

github-actions[bot] avatar Oct 30 '25 20:10 github-actions[bot]

This is resolved with the new release of litestream. Closing.

waldher avatar Oct 31 '25 06:10 waldher