aws-vault not working with eksctl to update the add-ons of AWS EKS cluster
rondy-cg opened this issue · comments
Symptoms
Below is the command which I used to update the add-ons of AWS EKS cluster, then I got an error, any clue why it occurred?
% aws-vault exec production -- eksctl update addon -f eks-config-production.yaml --profile production
Error: could not create cluster provider from options: checking AWS STS access – cannot get role ARN for current session: operation error STS: GetCallerIdentity, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: i/o timeout
Except updating the add-ons, aws-vault works fine to upgrade the control plane and node groups of AWS EKS cluster, which makes the error more weird, can anyone help to advise please? Thanks.
More Details
- I am using the latest release of AWS Vault
% aws-vault --version
v7.2.0
- profile setting in
.aws/config
[profile production]
region=ap-northeast-1
mfa_serial=arn:aws:iam::xxxxxx:mfa/yyyyyy
- eks-config-production.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: "production"
region: "ap-northeast-1"
version: "1.24"
addons:
- name: vpc-cni
version: 1.13.2
resolveConflicts: overwrite
- name: coredns
version: 1.9.3
resolveConflicts: overwrite
- name: kube-proxy
version: 1.24.10
resolveConflicts: overwrite
- name: aws-ebs-csi-driver
version: 1.20.0
serviceAccountRoleARN: "arn:aws:iam::xxxxxx:role/production_AmazonEKS_EBS_CSI_DriverRole"
resolveConflicts: overwrite
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.