Support service account linked IAM roles in EKS #184

Open
ldx opened this issue Oct 27, 2020 · 0 comments
ldx commented Oct 27, 2020

Right now this does not work. On a regular worker node:

```
# env | grep AWS
AWS_ROLE_ARN=arn:aws:iam::111111111111:role/test-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
root@test-5689c4f7c7-tvnjf:/# ls -l $AWS_WEB_IDENTITY_TOKEN_FILE
lrwxrwxrwx 1 root root 12 Oct 27 16:21 /var/run/secrets/eks.amazonaws.com/serviceaccount/token -> ..data/token
```

In a Kip pod:

```
# env | grep AWS
AWS_ROLE_ARN=arn:aws:iam::111111111111:role/test-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
root@test-59bdcfd887-h2x47:/# ls -l $AWS_WEB_IDENTITY_TOKEN_FILE
ls: cannot access '/var/run/secrets/eks.amazonaws.com/serviceaccount/token': No such file or directory
root@test-59bdcfd887-h2x47:/# ls -l /var/run/secrets/eks.amazonaws.com/serviceaccount/
total 0
```

For some reason the token directory is empty when Kip is packaging it up before sending it over to the cell.
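
A check that separates the failure shown above (mount directory present but empty) from the other ways the projected token can be unusable. This is an added example, not part of the original issue or the Kip code base; the function name `check_irsa_token` and its status words are hypothetical, and the final test assumes the token is a JWT with three dot-separated segments.

```shell
#!/bin/sh
# Diagnose the IRSA web identity token mount from inside a pod.
# Prints one status word and returns non-zero on failure.
# The token is a bearer credential, so its content is never printed.
check_irsa_token() {
    token_file="${AWS_WEB_IDENTITY_TOKEN_FILE:-}"
    if [ -z "${AWS_ROLE_ARN:-}" ] || [ -z "$token_file" ]; then
        echo "env-missing"; return 1
    fi
    dir=$(dirname "$token_file")
    if [ ! -d "$dir" ]; then
        echo "dir-missing"; return 2
    fi
    # Projected volumes are published through a hidden ..data symlink,
    # so use ls -A: plain ls would not show it.
    if [ -z "$(ls -A "$dir")" ]; then
        echo "dir-empty"; return 3
    fi
    # The token path is a symlink into ..data; it can exist while its
    # target was never copied.
    if [ -L "$token_file" ] && [ ! -e "$token_file" ]; then
        echo "dangling-symlink"; return 4
    fi
    if [ ! -e "$token_file" ]; then
        echo "token-missing"; return 5
    fi
    if [ ! -s "$token_file" ]; then
        echo "token-empty"; return 6
    fi
    # Count the dots only; the arithmetic expansion strips wc's padding.
    dots=$(($(tr -cd '.' < "$token_file" | wc -c)))
    if [ "$dots" -ne 2 ]; then
        echo "not-jwt"; return 7
    fi
    echo "ok"
}

# Run the check when invoked as: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_irsa_token
fi
```

The Kip pod in the report above would yield `dir-empty`, while the regular worker node would yield `ok`.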
