
How do I retrieve serviceaccount information?

Steven_Esemplare June 28, 2022

Hi,

We are using the runners on Kubernetes and defining a serviceaccount that is bound to an IAM role/policy. However, when we run a step using a runner (with a custom pipe), the environment variables (AWS_ROLE_ARN, AWS_REGION, and AWS_WEB_IDENTITY_TOKEN) for the container are not accessible.

Can someone provide insight into how this can be accomplished?

Thanks!

3 answers

0 votes
Marcos Sampaio
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 12, 2023

Hi @Steven_Esemplare,

Passing these variables to the build container is not possible at the moment.

However, I'm not sure if it fits your use case, but one thing that you could consider using is the Bitbucket Pipelines OIDC feature:

https://support.atlassian.com/bitbucket-cloud/docs/deploy-on-aws-using-bitbucket-pipelines-openid-connect/
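
A step-script sketch of the OIDC route suggested in the answer above, as an added example that is not part of the thread or Atlassian's own code. It assumes the step sets `oidc: true`, so that Pipelines provides `BITBUCKET_STEP_OIDC_TOKEN`, and it exports `AWS_WEB_IDENTITY_TOKEN_FILE`, the variable the AWS CLI and SDKs read for web-identity credentials. The function names are hypothetical and the role ARN is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): turn the step's OIDC token into the
# web-identity inputs the AWS CLI/SDKs read, then verify they are usable.

# Write the OIDC token to an owner-only file and export the AWS variables.
# $1 = role ARN to assume, $2 = token file path (optional).
setup_web_identity() {
    role_arn=$1
    token_file=${2:-"$PWD/web-identity-token"}
    if [ -z "$role_arn" ]; then
        echo "usage: setup_web_identity <role-arn> [token-file]" >&2
        return 1
    fi
    if [ -z "${BITBUCKET_STEP_OIDC_TOKEN:-}" ]; then
        echo "BITBUCKET_STEP_OIDC_TOKEN is empty: is 'oidc: true' set?" >&2
        return 1
    fi
    # umask keeps a newly created file private; chmod covers an existing one.
    ( umask 077 && printf '%s' "$BITBUCKET_STEP_OIDC_TOKEN" > "$token_file" \
        && chmod 600 "$token_file" ) || return 1
    export AWS_ROLE_ARN="$role_arn"
    export AWS_WEB_IDENTITY_TOKEN_FILE="$token_file"
}

# Report which web-identity inputs are missing in this container.
# Returns 0 only if the role ARN is set and the token file is readable
# and non-empty.
check_web_identity_env() {
    missing=0
    if [ -z "${AWS_ROLE_ARN:-}" ]; then
        echo "missing: AWS_ROLE_ARN" >&2; missing=1
    fi
    if [ -z "${AWS_WEB_IDENTITY_TOKEN_FILE:-}" ]; then
        echo "missing: AWS_WEB_IDENTITY_TOKEN_FILE" >&2; missing=1
    elif [ ! -r "$AWS_WEB_IDENTITY_TOKEN_FILE" ] \
        || [ ! -s "$AWS_WEB_IDENTITY_TOKEN_FILE" ]; then
        echo "unreadable or empty: $AWS_WEB_IDENTITY_TOKEN_FILE" >&2; missing=1
    fi
    return "$missing"
}

# Typical use in the step script (placeholder ARN):
#   setup_web_identity "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>" \
#     && check_web_identity_env && aws sts get-caller-identity
```

`check_web_identity_env` can also be run on its own inside a runner's build container to see which of the variables from the question are actually visible there.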

0 votes
Igor Stoyanov
Atlassian Team
March 21, 2023

@Steven_Esemplare Hi. Sorry for the late response.
I tested AWS pipe usage with self-hosted runners, providing repository variables such as AWS_KEY, AWS_SECRET to deploy to S3, and found no issues.
If this problem is still relevant, please check the following:

  • Your architecture should be amd64;
  • Test your case without runners by just running your pipe through Bitbucket Pipelines. Do you have problems there, or does everything work as it should?
  • If everything works with Bitbucket Pipelines, then provide your bitbucket-pipelines.yaml configuration file. Also provide the output of the runner's execution (pipelines UI logs and runner logs).

Regards, Igor

vitalii.kostenko December 8, 2023

@Igor Stoyanov You have just described the old-fashioned way, where you create a user in IAM, generate an API token and secret, and manually pass them into the pipeline executor via env vars.

Steven is using the new way to manage AWS access from Kubernetes: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html

@Oleksandr Kyrdan I've reported a similar issue: https://community.atlassian.com/t5/Bitbucket-questions/AWS-IRSA-for-K8s-based-runner/qaq-p/2555377




0 votes
Oleksandr Kyrdan
Atlassian Team
December 26, 2022

Hi @Steven_Esemplare 

Thank you for your question!

We'll investigate the case and notify you.

 

Best regards,
Oleksandr Kyrdan
