[druid-user] IRSA in Kubernetes

Does anyone have any tips for getting IRSA for EKS to work in Druid? I see that support was added in 0.22.0, but every time I try to ingest from s3 I get a 403 Access Denied. I’ve triple-checked that my IRSA setup is correct. If I manually launch a pod with the correct ServiceAccount, I can exec into that pod and confirm that I can read from the buckets that the IAM role grants. But trying to get it to load thru the Druid console is not working.

I’m very new to Druid, so it’s entirely possible that I’m missing something simple and obvious.

My storage config is:

druid.storage.type=s3
druid.storage.bucket=my-bucket-name
druid.storage.baseKey=druid/segments
druid.storage.sse.type=s3

I should also mention that I’m using the druid-operator to run Druid in k8s.

Hi John,

I was researching the PR related to this and came upon a ticket where this issue is being actively discussed.

So it seems like it is a known problem. I’ll try to raise awareness of this issue with the committers in the community.
Feel free to join the conversation in github, it helps bring attention and priority to the problem.