Is there a way to use the built-in etcd backup to ...
# rke2m
millions-france-61475
06/09/2025, 8:08 PMIs there a way to use the built-in etcd backup to S3 without static credentials? I saw the CAPI provider CRD says
If empty, the controller will default to IAM authenticationc
creamy-pencil-82913
06/09/2025, 8:15 PMcorrect, that is what it will do
creamy-pencil-82913
06/09/2025, 8:15 PMyou can also store creds in a secret, if you need static creds that can be rotated without restarting.
m
millions-france-61475
06/09/2025, 8:18 PMThanks. Is the IAM auth typically done using an instance profile? We have IRSA but I don't think that will work because the backup runs on the host not inside kubernetes right?
c
creamy-pencil-82913
06/09/2025, 8:19 PMyes it would need to be an instance profile, not a IRSA pod role as RKE2 runs on the host itself, not within the cluster. It IS the cluster.
👍 1