You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2020/05/06 13:45:01 UTC
[GitHub] [flink] aroch opened a new pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
aroch opened a new pull request #12008:
URL: https://github.com/apache/flink/pull/12008
<!--
*Thank you very much for contributing to Apache Flink - we are happy that you want to help us improve Flink. To help the community review your contribution in the best possible way, please go through the checklist below, which will get the contribution into a shape in which it can be best reviewed.*
*Please understand that we do not do this to make contributions to Flink a hassle. In order to uphold a high standard of quality for code contributions, while at the same time managing a large number of contributions, we need contributors to prepare the contributions well, and give reviewers enough contextual information for the review. Please also understand that contributions that do not follow this guide will take longer to review and thus typically be picked up with lower priority by the community.*
## Contribution Checklist
- Make sure that the pull request corresponds to a [JIRA issue](https://issues.apache.org/jira/projects/FLINK/issues). Exceptions are made for typos in JavaDoc or documentation files, which need no JIRA issue.
- Name the pull request in the form "[FLINK-XXXX] [component] Title of the pull request", where *FLINK-XXXX* should be replaced by the actual issue number. Skip *component* if you are unsure about which is the best component.
Typo fixes that have no associated JIRA issue should be named following this pattern: `[hotfix] [docs] Fix typo in event time introduction` or `[hotfix] [javadocs] Expand JavaDoc for PuncuatedWatermarkGenerator`.
- Fill out the template below to describe the changes contributed by the pull request. That will give reviewers the context they need to do the review.
- Make sure that the change passes the automated tests, i.e., `mvn clean verify` passes. You can set up Travis CI to do that following [this guide](https://flink.apache.org/contributing/contribute-code.html#open-a-pull-request).
- Each pull request should address only one issue, not mix up code from multiple issues.
- Each commit in the pull request has a meaningful commit message (including the JIRA id)
- Once all items of the checklist are addressed, remove the above text and this checklist, leaving only the filled out template below.
**(The sections below can be removed for hotfixes of typos)**
-->
## What is the purpose of the change
IAM Roles for Service Accounts have many advantages when deploying Flink on AWS EKS.
From AWS documentation:
> With IAM roles for service accounts on Amazon EKS clusters, you can associate an IAM role with a Kubernetes service account. This service account can then provide AWS permissions to the containers in any pod that uses that service account. With this feature, you no longer need to provide extended permissions to the worker node IAM role so that pods on that node can call AWS APIs.
In order to support for IAM Roles for Service Accounts we need to add support for a relatively new authentication method in AWS SDK called WebIdentityToken.
This pull request adds support for WebIdentityToken authentication method when using AWS services. This includes S3 and Kinesis.
## Brief change log
S3
- Bumping AWS SDK dependency to 1.11.754
- Bumping httpcomponents:httpclient dependency to 4.5.9
- Added aws-java-sdk-sts dependency
Kinesis
- Bumping AWS SDK dependency to 1.11.754
- Added CredentialProvider type for WebIdentityToken
## Verifying this change
It is tricky to verify this change by end-to-end test as Kinesalite doesn't support authentication methods. Minio does support it but requires extra containers to be launched to do the actual token verification that will complicate and lengthen the s3 tests.
Added configuration unit tests in `AWSUtilTest`
As this change is mainly a dependency change, I verified it manually on an actual EKS cluster.
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): (**yes** / no)
- The public API, i.e., is any changed class annotated with `@Public(Evolving)`: (yes / **no**)
- The serializers: (yes / **no**)
- The runtime per-record code paths (performance sensitive): (yes / **no**)
- Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn/Mesos, ZooKeeper: (yes / **no** / don't know)
- The S3 file system connector: (**yes** / no)
## Documentation
- Does this pull request introduce a new feature? (**yes** / no)
- If yes, how is the feature documented? (not applicable / docs / **JavaDocs** / not documented)
Currently I could not find the deployment on EKS documented anywhere. If needed i'm willing to add docs if that would be helpful.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
}, {
"hash" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=721",
"triggerID" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"triggerType" : "PUSH"
}, {
"hash" : "9125cf60f563c82706ac9b6666640192e33f6960",
"status" : "CANCELED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280",
"triggerID" : "9125cf60f563c82706ac9b6666640192e33f6960",
"triggerType" : "PUSH"
}, {
"hash" : "39553c3f639b9a0b744ce3161a16dd9a639664c4",
"status" : "PENDING",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1329",
"triggerID" : "39553c3f639b9a0b744ce3161a16dd9a639664c4",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 9125cf60f563c82706ac9b6666640192e33f6960 Azure: [CANCELED](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280)
* 39553c3f639b9a0b744ce3161a16dd9a639664c4 Azure: [PENDING](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1329)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
}, {
"hash" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"status" : "CANCELED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=721",
"triggerID" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"triggerType" : "PUSH"
}, {
"hash" : "9125cf60f563c82706ac9b6666640192e33f6960",
"status" : "PENDING",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280",
"triggerID" : "9125cf60f563c82706ac9b6666640192e33f6960",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 0345244193a2bcaef61a025e25435eb24ee9a3ce Azure: [CANCELED](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=721)
* 9125cf60f563c82706ac9b6666640192e33f6960 Azure: [PENDING](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-628526789
@aroch Thanks a lot for updating the docs! I'm still working on this.
I'm struggling my way through learning EKS, building custom Flink docker images etc. :)
Right now, I'm facing `org.apache.flink.kinesis.shaded.com.amazonaws.services.kinesis.producer.DaemonException: The child process has been shutdown and can no longer accept messages.`. From my initial research, I assume that my alpine-based docker image (build from `flink-container/docker` won't work with the Kinesis binaries).
How are you building your 1.11-SNAPSHOT docker containers?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
}, {
"hash" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=721",
"triggerID" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"triggerType" : "PUSH"
}, {
"hash" : "9125cf60f563c82706ac9b6666640192e33f6960",
"status" : "CANCELED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280",
"triggerID" : "9125cf60f563c82706ac9b6666640192e33f6960",
"triggerType" : "PUSH"
}, {
"hash" : "39553c3f639b9a0b744ce3161a16dd9a639664c4",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "39553c3f639b9a0b744ce3161a16dd9a639664c4",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 9125cf60f563c82706ac9b6666640192e33f6960 Azure: [CANCELED](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280)
* 39553c3f639b9a0b744ce3161a16dd9a639664c4 UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on a change in pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger commented on a change in pull request #12008:
URL: https://github.com/apache/flink/pull/12008#discussion_r425220616
##########
File path: flink-filesystems/flink-s3-fs-presto/src/main/resources/META-INF/NOTICE
##########
@@ -12,11 +12,11 @@ This project bundles the following dependencies under the Apache Software Licens
- commons-io:commons-io:2.4
- commons-lang:commons-lang:2.6
- commons-logging:commons-logging:1.1.3
-- com.amazonaws:aws-java-sdk-core:1.11.271
-- com.amazonaws:aws-java-sdk-dynamodb:1.11.271
-- com.amazonaws:aws-java-sdk-kms:1.11.271
-- com.amazonaws:aws-java-sdk-s3:1.11.271
-- com.amazonaws:jmespath-java:1.11.271
+- com.amazonaws:aws-java-sdk-core:1.11.754
+- com.amazonaws:aws-java-sdk-dynamodb:1.11.754
+- com.amazonaws:aws-java-sdk-kms:1.11.754
+- com.amazonaws:aws-java-sdk-s3:1.11.754
+- com.amazonaws:jmespath-java:1.11.754
Review comment:
The `com.amazonaws:aws-java-sdk-sts:1.11.754` dependency is missing here?
##########
File path: flink-filesystems/flink-s3-fs-hadoop/src/main/resources/META-INF/NOTICE
##########
@@ -3,11 +3,11 @@ Copyright 2014-2020 The Apache Software Foundation
This project bundles the following dependencies under the Apache Software License 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
-- com.amazonaws:aws-java-sdk-core:1.11.271
-- com.amazonaws:aws-java-sdk-dynamodb:1.11.271
-- com.amazonaws:aws-java-sdk-kms:1.11.271
-- com.amazonaws:aws-java-sdk-s3:1.11.271
-- com.amazonaws:jmespath-java:1.11.271
+- com.amazonaws:aws-java-sdk-core:1.11.754
+- com.amazonaws:aws-java-sdk-dynamodb:1.11.754
+- com.amazonaws:aws-java-sdk-kms:1.11.754
+- com.amazonaws:aws-java-sdk-s3:1.11.754
Review comment:
The com.amazonaws:aws-java-sdk-sts:1.11.754 dependency is missing here?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger closed pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger closed pull request #12008:
URL: https://github.com/apache/flink/pull/12008
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-626644779
@tweise (kinesis) @pnowojski (s3): What's your take on this change?
I'm tempted to merge it without additional testing. @aroch has tested the change, and it is unlikely to break anything.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on a change in pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger commented on a change in pull request #12008:
URL: https://github.com/apache/flink/pull/12008#discussion_r425013456
##########
File path: flink-connectors/flink-connector-kinesis/src/main/java/org/apache/flink/streaming/connectors/kinesis/config/AWSConfigConstants.java
##########
@@ -70,15 +73,18 @@
/** Optional configuration for profile name if credential provider type is set to be PROFILE. */
public static final String AWS_PROFILE_NAME = profileName(AWS_CREDENTIALS_PROVIDER);
- /** The role ARN to use when credential provider type is set to ASSUME_ROLE. */
+ /** The role ARN to use when credential provider type is set to ASSUME_ROLE or WEB_IDENTITY_TOKEN. */
public static final String AWS_ROLE_ARN = roleArn(AWS_CREDENTIALS_PROVIDER);
- /** The role session name to use when credential provider type is set to ASSUME_ROLE. */
+ /** The role session name to use when credential provider type is set to ASSUME_ROLE or WEB_IDENTITY_TOKEN. */
Review comment:
Thanks a lot. It reads pretty well!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "FAILURE",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 444df93e2914947a7abedb56bc1a67d465120086 Azure: [FAILURE](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "FAILURE",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
}, {
"hash" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 444df93e2914947a7abedb56bc1a67d465120086 Azure: [FAILURE](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698)
* 0345244193a2bcaef61a025e25435eb24ee9a3ce UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] aroch commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
aroch commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-626125984
Thanks @rmetzger!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
}, {
"hash" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=721",
"triggerID" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"triggerType" : "PUSH"
}, {
"hash" : "9125cf60f563c82706ac9b6666640192e33f6960",
"status" : "CANCELED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280",
"triggerID" : "9125cf60f563c82706ac9b6666640192e33f6960",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 9125cf60f563c82706ac9b6666640192e33f6960 Azure: [CANCELED](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=1280)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] aroch commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
aroch commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-625054129
@flinkbot run azure
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "DELETED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
}, {
"hash" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"status" : "CANCELED",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=721",
"triggerID" : "0345244193a2bcaef61a025e25435eb24ee9a3ce",
"triggerType" : "PUSH"
}, {
"hash" : "9125cf60f563c82706ac9b6666640192e33f6960",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "9125cf60f563c82706ac9b6666640192e33f6960",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 0345244193a2bcaef61a025e25435eb24ee9a3ce Azure: [CANCELED](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=721)
* 9125cf60f563c82706ac9b6666640192e33f6960 UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] aroch commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
aroch commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-626676047
It would be great if someone could take a second look.
I verified on EKS with the Lyft k8s operator.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-626120159
CI has passed ✅
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-625922766
Thanks a lot for your contribution. I manually re-triggered the failed job on Azure: https://dev.azure.com/apache-flink/apache-flink/_build/results?buildId=721&view=results
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] aroch commented on a change in pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
aroch commented on a change in pull request #12008:
URL: https://github.com/apache/flink/pull/12008#discussion_r425012028
##########
File path: flink-connectors/flink-connector-kinesis/src/main/java/org/apache/flink/streaming/connectors/kinesis/config/AWSConfigConstants.java
##########
@@ -70,15 +73,18 @@
/** Optional configuration for profile name if credential provider type is set to be PROFILE. */
public static final String AWS_PROFILE_NAME = profileName(AWS_CREDENTIALS_PROVIDER);
- /** The role ARN to use when credential provider type is set to ASSUME_ROLE. */
+ /** The role ARN to use when credential provider type is set to ASSUME_ROLE or WEB_IDENTITY_TOKEN. */
public static final String AWS_ROLE_ARN = roleArn(AWS_CREDENTIALS_PROVIDER);
- /** The role session name to use when credential provider type is set to ASSUME_ROLE. */
+ /** The role session name to use when credential provider type is set to ASSUME_ROLE or WEB_IDENTITY_TOKEN. */
Review comment:
I saw there was no dedicated section for setting up access to Kinesis. I thought it makes sense to add a new section with some details.
I'm not a technical writer, so please let me know what you think :)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot edited a comment on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "PENDING",
"url" : "https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 444df93e2914947a7abedb56bc1a67d465120086 Azure: [PENDING](https://dev.azure.com/apache-flink/98463496-1af2-4620-8eab-a2ecc1a2e6fe/_build/results?buildId=698)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624669036
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "444df93e2914947a7abedb56bc1a67d465120086",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "444df93e2914947a7abedb56bc1a67d465120086",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 444df93e2914947a7abedb56bc1a67d465120086 UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] flinkbot commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
flinkbot commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-624660474
Thanks a lot for your contribution to the Apache Flink project. I'm the @flinkbot. I help the community
to review your pull request. We will use this comment to track the progress of the review.
## Automated Checks
Last check on commit 444df93e2914947a7abedb56bc1a67d465120086 (Wed May 06 13:48:27 UTC 2020)
**Warnings:**
* **4 pom.xml files were touched**: Check for build and licensing issues.
* No documentation files were touched! Remember to keep the Flink docs up to date!
<sub>Mention the bot in a comment to re-run the automated checks.</sub>
## Review Progress
* ❓ 1. The [description] looks good.
* ❓ 2. There is [consensus] that the contribution should go into to Flink.
* ❓ 3. Needs [attention] from.
* ❓ 4. The change fits into the overall [architecture].
* ❓ 5. Overall code [quality] is good.
Please see the [Pull Request Review Guide](https://flink.apache.org/contributing/reviewing-prs.html) for a full explanation of the review process.<details>
The Bot is tracking the review progress through labels. Labels are applied according to the order of the review items. For consensus, approval by a Flink committer of PMC member is required <summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot approve description` to approve one or more aspects (aspects: `description`, `consensus`, `architecture` and `quality`)
- `@flinkbot approve all` to approve all aspects
- `@flinkbot approve-until architecture` to approve everything until `architecture`
- `@flinkbot attention @username1 [@username2 ..]` to require somebody's attention
- `@flinkbot disapprove architecture` to remove an approval you gave earlier
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [flink] rmetzger commented on pull request #12008: [FLINK-14881] [s3|kinesis] Add support for IAM Roles for Service Accounts on AWS EKS
Posted by GitBox <gi...@apache.org>.
rmetzger commented on pull request #12008:
URL: https://github.com/apache/flink/pull/12008#issuecomment-628564448
Actually, I managed to get a debian based docker image. I still have the mentioned exception though.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org