Support service account linked IAM roles in EKS
ldx opened this issue · comments
Right now this does not work. On a regular worker node:
```
# env | grep AWS
AWS_ROLE_ARN=arn:aws:iam::111111111111:role/test-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
root@test-5689c4f7c7-tvnjf:/# ls -l $AWS_WEB_IDENTITY_TOKEN_FILE
lrwxrwxrwx 1 root root 12 Oct 27 16:21 /var/run/secrets/eks.amazonaws.com/serviceaccount/token -> ..data/token
```
In a Kip pod:
```
# env | grep AWS
AWS_ROLE_ARN=arn:aws:iam::111111111111:role/test-role
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
root@test-59bdcfd887-h2x47:/# ls -l $AWS_WEB_IDENTITY_TOKEN_FILE
ls: cannot access '/var/run/secrets/eks.amazonaws.com/serviceaccount/token': No such file or directory
root@test-59bdcfd887-h2x47:/# ls -l /var/run/secrets/eks.amazonaws.com/serviceaccount/
total 0
```
For some reason the token directory is empty when Kip is packaging it up before sending it over to the cell.
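The manual checks in the report above can be collected into one repeatable pod-side diagnostic. This is an added example, not part of the issue or of Kip's code; the function name `check_irsa_token` and its return codes are hypothetical. It tells a missing file apart from a dangling `token -> ..data/token` symlink and never prints the token itself.

```shell
#!/bin/sh
# Added diagnostic (not from the issue or from Kip): verify the inputs an AWS SDK
# needs for service-account-linked IAM roles inside a pod.
# Hypothetical return codes: 0 ok, 1 env unset, 2 token path missing,
# 3 dangling symlink, 4 empty token, 5 not JWT-shaped.
check_irsa_token() {
    [ -n "${AWS_ROLE_ARN:-}" ] && [ -n "${AWS_WEB_IDENTITY_TOKEN_FILE:-}" ] || {
        echo "AWS_ROLE_ARN / AWS_WEB_IDENTITY_TOKEN_FILE not set" >&2
        return 1
    }
    f=$AWS_WEB_IDENTITY_TOKEN_FILE

    # The link itself exists but its target (..data/token) was not shipped.
    if [ -L "$f" ] && [ ! -e "$f" ]; then
        echo "dangling symlink: $f -> $(readlink "$f")" >&2
        return 3
    fi

    # Nothing at the path at all: show the directory, including dot entries
    # such as ..data that a plain 'ls -l' hides.
    if [ ! -e "$f" ]; then
        echo "missing: $f; directory listing follows" >&2
        ls -la "$(dirname "$f")" >&2 2>/dev/null || true
        return 2
    fi

    [ -s "$f" ] || { echo "empty token file: $f" >&2; return 4; }

    # A projected service account token is a JWT: header.payload.signature.
    # Count the separators only; the token contents are never echoed.
    dots=$(tr -cd '.' < "$f" | wc -c)
    [ "$dots" -eq 2 ] || { echo "token is not JWT-shaped" >&2; return 5; }

    echo "ok: token present, non-empty, JWT-shaped" >&2
    return 0
}
```

Source the file and call `check_irsa_token` in both the regular worker-node pod and the Kip pod, then compare the return codes.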