-
Notifications
You must be signed in to change notification settings - Fork 645
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request to add Metadata API environment variables #1080
Comments
@jhsmith Just to clarify, do you need to use environment variables similar to the ones you have mentioned above but for S3 in minio-go? Also, minio implements only S3 API. Will check internally if we can support such an environment variable. |
Correct. We'd like environment variables that control performing retries (and controlling the timeout) when accessing the following urls upon encountering an error: minio-go/pkg/credentials/iam_aws.go Line 54 in e6694bc
We believe this will help alleviate what is may be a race-condition or a design issue with kube2iam: jtblin/kube2iam#136 Adding retries and increasing the timeout when accessing the AWS Metadata API in Boto3 allowed our Python projects to work as expected. |
i would really like to be able to control the behavior of this http call, as it seems precarious to have any http call that could end your session if it doesn't get success on the first and only try. Additionally this call out to the metadata api is to a hard-coded endpoint which COULD also be configurable (or dynamically resolved) since AWS has regional endpoints to help make this call add less latency. |
We would love to support feel free to send a PR |
@jhsmith I spoke about this internally and we have decided not to add environment variables. Application should handle environment variables and not SDKs. If let's say there are more than one application using the same SDK and one wants to use the environment variable then another application will get it by mistake. |
Closing this issue as won't fix. Please feel free to reach out to us if you have further questions. |
@jhsmith did you end up finding a workaround? just got bit by this one ourselves with KIAM. |
@stefansedich we had to go around kiam/kube2iam and add explicit aws creds as env vars for our pods rather than relying on the metadata api. Rather disappointing. |
Would you consider adding support for explicit timeout & retry when accessing the AWS Metadata API, similar to AWS_METADATA_SERVICE_TIMEOUT & AWS_METADATA_SERVICE_NUM_ATTEMPTS in Boto3?
See:
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html
https://github.com/boto/botocore/blob/21ad34d727a301dbfc3bb47159a41cbd64e3bff2/botocore/configprovider.py#L59-L68
Reasoning:
I'm indirectly using Minio (I'm an Argo user: https://github.com/argoproj/argo) in an Amazon EKS cluster. There's a bad interaction with another tool (kube2iam), that may introduce errors when accessing the Metadata API. We've been able to circumvent the issue in our Python projects using Boto3 using these two environment variables, but Argo (using Minio) has a high number of failures in our environment.
Thanks!
The text was updated successfully, but these errors were encountered: