Bump minio client version to support assume-web-identity-role for AWS
#3398
Comments
|
We also need to bump argo workflow version to make sure Argo sidecar use right SDK to persist artifacts to S3. |
|
To be clear, this is different from assuming instance profiles via kube2iam / kiam |
|
Argo side, argo tracks awssdk upgrade in this issue. argoproj/argo-workflows#1774. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
stale
bot
added
the
lifecycle/stale
|
This issue has been automatically closed because it has not had recent activity. Please comment "/reopen" to reopen it. |
|
This issue has been automatically closed because it has not had recent activity. Please comment "/reopen" to reopen it. |
|
/reopen |
|
@Jeffwan: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
stale
bot
removed
the
lifecycle/stale
|
/assign |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
stale
bot
added
the
lifecycle/stale
|
@PatrickXYS minio-go module is still at 6.0.14, we would like to use IRSA on EKS, Is there a way this could be bumped up to 6.0.45 or latest. Thanks Also any plans to do the same for minio-js ? |
stale
bot
removed
the
lifecycle/stale
|
/assign @surajkota Suraj will be working on AWS part |
|
/unassign |
|
/unassign |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
stale
bot
added
the
lifecycle/stale
|
Hi, please re-consider to add support for this. |
stale
bot
removed
the
lifecycle/stale
|
@LEDfan yes, we are waiting for minio-js release 7.0.27 so that we can enable this feature. |
|
Minio-js 7.0.27 was released https://github.com/minio/minio-js/tree/7.0.27 with assume role support |
|
@Jeffwan @surajkota @PatrickXYS any plans here? |
|
Yes, we do. We had started on this and updated minio-go in #7946 but this is not sufficient for the UI to work. For the UI to work, we need minio-js support. Minio-js is also available but the corresponding typescript bindings are not. We have paused on this right now also to investigate user experience. Some of the service accounts are in Kubeflow namespace and some are in user profile namespace. Currently, the @rrrkharse feel free to post the latest on this, if I missed something |
|
Closing this issue. Looks like the PR is closed and it covered what this issue asked as feature. /close |
|
@rimolive: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What steps did you take:
aws add IAM For Service Account feature and aws user doesn't have to inject AWS credentials as env variables.
This requires us to use high AWS SDK version which supports
assume-web-identity-role.In this case, we need to add new resolver for minio client.
Here's the minio js and golang version.
pipelines/frontend/server/package.json
Line 13 in a92d522
https://github.com/kubeflow/pipelines/blob/master/go.mod#L50
The minimum version to support this issue is
/kind feature
/area frontend
/area backend
The text was updated successfully, but these errors were encountered: