Description
The same bug was opened before but was closed.
You can get the error "org.sonatype.nexus.blobstore.s3.internal.S3BlobStoreException: Bucket exists but is not owned by you" as Nexus doesn't use the Service Account Token (IRSA) properly.
Several people still have an issue with the EKS IRSA Service Account.
You can read more details in this comment: https://issues.sonatype.org/browse/NEXUS-24019?focusedCommentId=1090798&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-1090798
If you connect to the Nexus k8s Pod and run
env
#AWS_ROLE_ARN=<NEXUS_IAM_ROLE>
#AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
aws s3api get-bucket-acl --bucket <NEXUS_BLOBSTORE_BUCKET_NAME>
{
    "Owner": {
        "DisplayName": "XXXX",
        "ID": "XXXX"
    },
    "Grants": [
        {
            "Grantee": {
                "DisplayName": "XXXX",
                "ID": "XXXX",
                "Type": "CanonicalUser"
            },
            "Permission": "FULL_CONTROL"
        }
    ]
}
everything is OK,
but the Nexus source code cannot reuse these creds for S3 bucket actions.
Issue Links
- relates: NEXUS-24019 Use newer AWS SDK to support IRSA (Closed)
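An added example, not part of the original issue or of Nexus: a shell check that can be run inside the pod to confirm that the IRSA inputs described above (the role ARN variable and a projected token with the expected audience, expiry and subject) are sound, which helps separate a pod-side misconfiguration from an application SDK that ignores them. The function names and the `nexus:nexus` service account in the constructed token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): offline check of the IRSA inputs an
# AWS SDK reads inside an EKS pod. All names here are hypothetical.

# Decode one base64url JWT segment: map the URL-safe alphabet, restore padding.
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# irsa_check [role_arn] [token_file]   (defaults come from the environment)
# Returns 0 and prints the token subject when the inputs look usable;
# 1 = variable or file missing, 2 = unexpected audience, 3 = token expired.
irsa_check() {
    role=${1:-${AWS_ROLE_ARN:-}}
    file=${2:-${AWS_WEB_IDENTITY_TOKEN_FILE:-}}
    if [ -z "$role" ] || [ ! -r "$file" ]; then
        echo "IRSA variables not injected or token file unreadable" >&2
        return 1
    fi
    # A JWT is header.payload.signature; only the payload is inspected here.
    payload=$(b64url_decode "$(cut -d. -f2 < "$file")")
    # For IRSA the projected token is expected to carry the STS audience.
    case $payload in
        *'"sts.amazonaws.com"'*) ;;
        *) echo "token audience is not sts.amazonaws.com" >&2; return 2 ;;
    esac
    exp=$(printf '%s' "$payload" | sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
    if [ -z "$exp" ] || [ "$exp" -le "$(date +%s)" ]; then
        echo "token expired or has no exp claim" >&2
        return 3
    fi
    # Subject is system:serviceaccount:<namespace>:<name>; it has to match
    # the condition in the IAM role's trust policy.
    printf '%s\n' "$payload" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# Build a constructed (unsigned, fake) token for trying the check offline.
make_constructed_token() {  # $1 = audience, $2 = exp as epoch seconds
    p="{\"aud\":[\"$1\"],\"exp\":$2,\"sub\":\"system:serviceaccount:nexus:nexus\"}"
    printf 'e30.%s.sig' "$(printf '%s' "$p" | base64 | tr -d '=\n' | tr '/+' '_-')"
}
```

Inside the pod, calling `irsa_check` with no arguments reads `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` from the environment; it inspects the token locally and does not verify the signature or contact STS.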