elotl / kip

Virtual-kubelet provider running pods in cloud instances

Support service account linked IAM roles in EKS

ldx opened this issue

Right now this does not work. On a regular worker node:

```
# env | grep AWS
AWS_ROLE_ARN=arn:aws:iam::111111111111:role/test-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
root@test-5689c4f7c7-tvnjf:/# ls -l $AWS_WEB_IDENTITY_TOKEN_FILE
lrwxrwxrwx 1 root root 12 Oct 27 16:21 /var/run/secrets/eks.amazonaws.com/serviceaccount/token -> ..data/token
```

In a Kip pod:

```
# env | grep AWS
AWS_ROLE_ARN=arn:aws:iam::111111111111:role/test-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
root@test-59bdcfd887-h2x47:/# ls -l $AWS_WEB_IDENTITY_TOKEN_FILE
ls: cannot access '/var/run/secrets/eks.amazonaws.com/serviceaccount/token': No such file or directory
root@test-59bdcfd887-h2x47:/# ls -l /var/run/secrets/eks.amazonaws.com/serviceaccount/
total 0
```

For some reason the token directory is empty when Kip is packaging it up before sending it over to the cell.
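
A preflight check for the two states shown above, added here as an example; it is not part of the original issue or of Kip's code. It tells apart an empty token directory (the Kip pod), a `token` symlink whose `..data/token` target is missing, and a usable token. The function name and status strings are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// CheckWebIdentity (hypothetical helper) classifies the web identity setup
// visible to a container. getenv is injected so any environment can be
// checked; pass os.Getenv for the current process.
func CheckWebIdentity(getenv func(string) string) string {
	role := getenv("AWS_ROLE_ARN")
	path := getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
	if role == "" || path == "" {
		return "env-missing"
	}
	// Lstat does not follow symlinks, so a missing directory entry is
	// distinguished from a symlink whose target is missing.
	if _, err := os.Lstat(path); err != nil {
		if !errors.Is(err, fs.ErrNotExist) {
			return "stat-error"
		}
		entries, derr := os.ReadDir(filepath.Dir(path))
		if derr != nil {
			return "dir-missing"
		}
		if len(entries) == 0 {
			return "dir-empty" // the state shown in the Kip pod
		}
		return "token-missing"
	}
	// ReadFile follows token -> ..data/token, as on the regular worker node.
	data, err := os.ReadFile(path)
	if err != nil {
		return "token-unreadable" // dangling symlink or permissions
	}
	// A service account token is a JWT: three dot-separated segments.
	if strings.Count(strings.TrimSpace(string(data)), ".") != 2 {
		return "not-a-jwt"
	}
	return "ok"
}

func main() {
	fmt.Println(CheckWebIdentity(os.Getenv))
}
```

Run inside the pod, `dir-empty` with both variables set matches the Kip output above: the environment was injected but the projected token volume was not populated.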