stefanprodan / mgob

MongoDB dockerized backup agent. Runs schedule backups with retention, S3 & SFTP upload, notifications, instrumentation with Prometheus and more.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Support to use AWS IAM role

vyasswaroop opened this issue · comments

I am using kube2iam to attach iam roles to pods. Would be awesome if we can support the IAM role in the statefulset.

Currently if we ignore the aws credentials part, it will error up and stop with "Incorrect number of arguments for host add command.". Would be better if we can make the credentials part as a non required field.

Your issue cause because mgob uses Minio Client for reach S3 api
https://github.com/stefanprodan/mgob/blob/master/pkg/backup/s3.go#L17
Unfortunately, compiled MC binary doesn't access STS for Assume Role or with Web identity.
It is possible to do in minio-go library as example:
https://github.com/minio/minio-go/pull/1183/files/99323bc99b5750596474823402e24ef147f2cb33
So, it require MGOB to be rewritten with minio-go library and don't use compiled MC binary.

@vyasswaroop you may try to use my forked docker image (https://hub.docker.com/repository/docker/gueux/mgob) that was built from this branch
https://github.com/gueux/mgob/tree/switch-from-minio-to-awscli

I've remove Minio Client and use AWS CLI instead, that allow you to use Assume Role injection from Kube2IAM operator.

@stefanprodan this issue was opened a year ago, could we have a comment from you whenever you have a moment? I'd believe this is a quite common need.