-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pipe and integration creation based on YAML file fails , #5963
Comments
Hello. It seems the installation did not proceed correctly. I suggest you to clean the previous installation and proceed from scratch following the official Camel K installation guides. |
You may also want to check the Camel K troubleshooting guide. |
how we can pass ServiceAccount to pipe yaml instead of aws accesskey and secretkey to access aws sqs ? |
this is sample of pipe yaml . i am passing service account in pipe but still getting beloow error `apiVersion: camel.apache.org/v1 spec: |
The usage of ServiceAccount has nothing to do with the Kamelet or component configuration. You still need to provide secret, likely in the form of Camel properties which are backed by a Secret config. |
Okay. thank you . from pipe.yaml how we can set when i am applying yaml with above traits setting , i am getting |
Yes, the trait configuration in Pipes is different. |
Hi Team , could you please help me to leverage k8s secrets in pipe.yaml . here i am trying but its not working. how pipe.yaml will read secrets from k8s . could you please give me proper yaml `apiVersion: camel.apache.org/v1 spec: |
Hello. All the information is provided in the links in the documentation posted in previous comments, please, go through it.
|
@squakez : I tried using the access key and secret, but it's not working. Could you please provide a sample pipe.yaml file that uses secrets from Kubernetes secrets? Alternatively, is there a way to use an IAM role through a service account in the pipe.yaml |
Hello, there should be enough documentation about this matter as shared in the previous comments. This is how to configure on an Integration: https://camel.apache.org/camel-k/2.5.x/configuration/runtime-config.html#runtime-config-props - the mechanisms for the Pipe is identical. |
"I followed the documentation, but it's not picking up the secrets and is giving the error: Caused by: j: java.lang.IllegalArgumentException: useDefaultCredentialsProvider is set to false, useProfileCredentialsProvider is set to false, useSessionCredentials is set to false, AmazonSQSClient or accessKey and secretKey must be specified In my pipe.yaml, it works when I directly use the AWS accessKey and secretKey, but I cannot commit these keys to GitHub for security reasons. Instead, I want to use a Kubernetes ServiceAccount with IRSA roles in the kind: pipe Kubernetes configuration. How can I achieve this, or how can I reference Kubernetes secrets inside the pipe.yaml file kid: pipe |
Use a secret, you cannot refer a service account. |
Okay , `apiVersion:`` camel.apache.org/v1 annotations: spec: Caused by: org.apache.camel.FailedToCreateRouteException: Failed to create route source: Route(source)[From[aws2-sqs:{{queueNameOrArn}}?accessKey=xxxxxx because of Failed to resolve endpoint: aws2-sqs://queue name?accessKey=xxxxxx&amazonAWSHost=amazonaws.com&autoCreateQueue=false&delay=500&deleteAfterRead=true&greedy=false&maxMessagesPerPoll=1&overrideEndpoint=false&protocol=https®ion=us-west-2&secretKey=xxxxxx&sessionToken=xxxxxx&useDefaultCredentialsProvider=false&useProfileCredentialsProvider=false&useSessionCredentials=false due to: The security token included in the request is invalid. (Service: Sqs, Status Code: 403, Request ID: 877ef9f1-9e7d-5bf6-9e7f-a6392799a81d) |
Surround the secret key parameter with RAW(). Do you have special char in the key like + or /? Then use RAW({{env:..}}) |
Now getting aused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: aws2-sqs://queue-jaeaccessKey=xxxxxx)&amazonAWSHost=amazonaws.com&autoCreateQueue=false&delay=500&deleteAfterRead=true&greedy=false&maxMessagesPerPoll=1&overrideEndpoint=false&protocol=https®ion=us-west-2&secretKey=xxxxxx)&sessionToken=xxxxxx&useDefaultCredentialsProvider=false&useProfileCredentialsProvider=false&useSessionCredentials=false due to: Invalid key=value pair (missing equal-sign) in Authorization header (hashed with SHA-256 and encoded with Base64): 'n89f/dLinHLU1RT5+GtK0ZOBXg7Ov6gUs8MgPGbLap4='. |
Can you post the pipe now? It seems you syntax is wrong |
`apiVersion: camel.apache.org/v1 spec: |
This ({{ env:AWS_ACCESS_KEY_ID }}) Should be RAW({{ env:AWS_ACCESS_KEY_ID }}) Same for the secret key. I wrote it above |
Still same issue Caused by: software.amazon.awssdk.services.sqs.model.SqsException: Invalid key=value pair (missing equal-sign) in Authorization header (hashed with SHA-256 and encoded with Base64): 'hMg4ZI09YH7RNqzswja69tK20cHVncx0RApiU0fJLrU='. (Service: Sqs, Status Code: 400, Request ID: b4c352cb-e952-5053-b9e8-0d0317df63a2) |
That component, with that authentication mechanism,have been around for many years, so I can only suppose it is something on your side. We cannot help more than this. |
@pguptajsq I think you can take as a reference this chat thread: https://camel.zulipchat.com/#narrow/channel/257299-camel-k/topic/Hashicorp.20Token.20in.20modeline/near/480962291 Ideally you should be able to put in your Pipe or Integration specification a Camel property, such as |
getting kubectl apply -f pipe1.yaml |
Please, you need to carefully read and understand the solutions we have already proposed. This problem was previously discussed in this thread [1]. The configuration of annotations in Pipes is different than in Integrations. [1] #5963 (comment) |
What happened?
i have this yaml and applied , it created pipe and integration but it showing error
and also Integration
Any idea what's missing here?
Another Query how we can pass ServiceAccount to pipe yaml instead of aws accesskey and secretkey
Steps to reproduce
No response
Relevant log output
No response
Camel K version
No response
The text was updated successfully, but these errors were encountered: