[Bug]: Lack of region leads to incorrect STS API call for IRSA credentials. #1308
Comments
Hi @Dennor, thanks for reporting this. Could you also provide the YAML output of the IRSA provider config implementation assumes that the provider pod runs on an EKS cluster. EKS injects several extra environment variables on IRSA-enabled pods, like For the Kubernetes distribution you use, I am not sure how IRSA-related configuration is injected, e.g. how
@erhancagirici look at this closed issue for some more context: #1252 This is still not solved IMO. Ideally we could have something like:
Check out this: #1459
This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as
This issue is being closed since there has been no activity for 14 days since marking it as
Is there an existing issue for this?
Affected Resource(s)
Resource MRs required to reproduce the bug
Steps to Reproduce
What happened?
I expected the provider to authenticate with the STS endpoint like others do. Unfortunately, due to the lack of a region, the provider attempts to call the STS endpoint without a region and fails. It attempts to call
sts..amazonaws.com
which is clearly wrong.
Relevant Error Output Snippet
Warning CannotConnectToProvider 9m34s (x29 over 32m) managed/iam.aws.upbound.io/v1beta1, kind=role cannot initialize the Terraform plugin SDK async external client: cannot get terraform setup: cache manager failure: cannot retrieve the AWS account ID: GetCallerIdentity query failed: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts..amazonaws.com/": dial tcp: lookup sts..amazonaws.com: no such host
Crossplane Version
1.15.2
Provider Version
1.4.0
Kubernetes Version
1.29.4
Kubernetes Distribution
k0s
Additional Info
A simple addition of
in the DeploymentRuntimeConfig fixes the issue.
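Added example (not part of the original issue or the provider's code): a Go preflight check that reproduces the malformed host from the error output when no region is set and lists the missing web-identity settings. It assumes the standard AWS SDK environment variable names (AWS_REGION, AWS_DEFAULT_REGION, AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE), which the page does not spell out, and the amazonaws.com DNS suffix; CheckIRSA is a hypothetical helper.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
)

// Region shape for the standard partitions, e.g. eu-central-1 or us-gov-west-1.
var regionRE = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-[0-9]+$`)

// CheckIRSA (hypothetical helper) inspects the environment the AWS SDK reads
// for web-identity credentials and returns the regional STS host it implies,
// plus any problems found. getenv is injected so the check runs without a pod.
func CheckIRSA(getenv func(string) string) (host string, problems []string) {
	region := getenv("AWS_REGION")
	if region == "" {
		region = getenv("AWS_DEFAULT_REGION")
	}
	// With an empty region this is exactly the host seen in the error output.
	host = fmt.Sprintf("sts.%s.amazonaws.com", region)
	switch {
	case region == "":
		problems = append(problems, "no region set: STS host would be "+host)
	case !regionRE.MatchString(region):
		problems = append(problems, "region "+region+" is not a valid region name")
	}
	for _, k := range []string{"AWS_ROLE_ARN", "AWS_WEB_IDENTITY_TOKEN_FILE"} {
		if getenv(k) == "" {
			problems = append(problems, k+" is not set")
		}
	}
	return host, problems
}

func main() {
	host, problems := CheckIRSA(os.Getenv)
	fmt.Println("STS host:", host)
	for _, p := range problems {
		fmt.Println("problem:", p)
	}
	if len(problems) > 0 {
		os.Exit(1) // fail fast instead of surfacing a DNS error later
	}
}
```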