Add Support for S3 EKS pod identity. #4414

@wolrajhti

Overview

PGO does not currently support using AWS EKS Pod Identity with pgBackRest 2.58.0.

Use Case

pgBackRest v2.58 added native support for AWS EKS Pod Identity authentication.
The goal is to use this feature in PGO on EKS without relying on node IAM roles, IRSA or static credentials.

However, PostgreSQL executes archive_command without access to the pod’s environment variables, which causes pgBackRest authentication to fail when using Pod Identity. This prevents using modern, recommended AWS authentication mechanisms with PGO.

Environment

Platform: EKS

Platform Version: 1.34

PGO Image Tag: ghcr.io/wolrajhti/postgres-operator/pgbackrest:latest

Postgres Version: 17

Storage: S3

Additional Information

pgBackRest PR adding pod identity support:
pgbackrest/pgbackrest#2719

Attempted integration in postgres-operator:
32e4548

Issue appears related to PostgreSQL archive_command not inheriting container environment variables.

I don't understand why Pod Identity variables aren't visible, if Web Identity ones are.
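
One way to check which credential variables a PostgreSQL server process actually carries is to read its `/proc/<pid>/environ`. The script below is an added example, not code from this issue, PGO or pgBackRest. It assumes the variable names that EKS Pod Identity and IAM web identity (IRSA) normally inject into containers, and the helper names and sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Reports which AWS credential mechanism is visible in a process environment.
# Only variable names are inspected; values are never printed, since a process
# environment can hold secrets.

# Assumed variable names: the ones EKS Pod Identity and IRSA normally inject.
POD_IDENTITY_VARS="AWS_CONTAINER_CREDENTIALS_FULL_URI AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"
WEB_IDENTITY_VARS="AWS_ROLE_ARN AWS_WEB_IDENTITY_TOKEN_FILE"

# env_has FILE NAME: succeeds if NAME is set in a NUL-delimited environ file.
env_has() {
    tr '\000' '\n' < "$1" | grep -q "^$2="
}

# classify_environ FILE: prints pod-identity, web-identity, both or none.
# A mechanism counts only when all of its variables are present.
classify_environ() {
    local file=$1 pod=yes web=yes v
    for v in $POD_IDENTITY_VARS; do env_has "$file" "$v" || pod=no; done
    for v in $WEB_IDENTITY_VARS; do env_has "$file" "$v" || web=no; done
    case "$pod/$web" in
        yes/yes) echo both ;;
        yes/no)  echo pod-identity ;;
        no/yes)  echo web-identity ;;
        *)       echo none ;;
    esac
}

# write_sample_environ FILE: constructed sample in /proc/<pid>/environ format,
# carrying only the web identity variables (values are placeholders).
write_sample_environ() {
    printf 'PATH=/usr/bin\000AWS_ROLE_ARN=constructed\000' > "$1"
    printf 'AWS_WEB_IDENTITY_TOKEN_FILE=/constructed/token\000' >> "$1"
}

# Usage inside the database container, run as the postgres user. PGDATA being
# set in the shell is an assumption; the first line of postmaster.pid is the
# server PID:
#   classify_environ "/proc/$(head -n 1 "$PGDATA/postmaster.pid")/environ"
# Compare with the shell's own environment:
#   classify_environ /proc/self/environ
```

If the shell reports `pod-identity` or `both` while the server process reports `web-identity` or `none`, the Pod Identity variables are not reaching the process that runs `archive_command`.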
