uswitch / kiam

Integrate AWS IAM with Kubernetes

Pods don't assume roles in eks private cluster (private subnets)

georgestoian opened this issue · comments

Hello,

I've come across this issue in kiam/kube2iam where I am deploying these solutions in a private eks cluster.
Iptables is not configured in the cluster.
Kiam agent uses hostNetwork.
Kiam server retrieves credentials (can be seen in the logs), is able to get namespaces and pods that have required roles through the annotation.
The pod assumes the instance role, not the role specified in the annotation.
Kiam agent doesn't log errors. gRPC debug logs also don't show any errors. It's like the agent doesn't intercept the pod's request for temporary AWS credentials. Pods do not use hostNetwork.

The same setup works without any issue in another eks cluster deployed in public subnets.

Has anyone encountered something similar? Do you have any ideas for fixing this?

@georgestoian did you find the answer? Could you provide some details, please?

The iptables rule was not configured. Setting agent.host.iptables: true fixed the issue.
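The symptom in this issue (pods silently receiving the instance role) means the agent's NAT redirect for 169.254.169.254 is absent on the node. The following is an added example, not kiam's own code or part of this thread: a small shell check that inspects `iptables-save -t nat` output for that DNAT rule and reports the redirect target. It assumes the agent listens on port 8181 and the constructed sample uses a `cali+` pod interface; both values are assumptions.

```shell
#!/bin/sh
# Added example (not from the kiam project or this issue): verifies that a node
# has the nat-table DNAT rule that sends pod traffic for the EC2 metadata
# endpoint to the kiam agent. Without it, pods reach the real metadata service
# and get the instance role instead of the annotated role.

METADATA_IP="169.254.169.254"

# has_metadata_redirect RULES_TEXT
# Returns 0 when a DNAT rule for the metadata IP exists, 1 otherwise.
# RULES_TEXT is the output of: iptables-save -t nat
has_metadata_redirect() {
  printf '%s\n' "$1" | grep -q -- "-d ${METADATA_IP}/32 .*-j DNAT"
}

# metadata_redirect_target RULES_TEXT
# Prints the host:port the rule forwards to, or nothing if no rule exists.
metadata_redirect_target() {
  printf '%s\n' "$1" \
    | sed -n "s/.*-d ${METADATA_IP}\/32 .*--to-destination \([^ ]*\).*/\1/p"
}

# check_node RULES_TEXT : human-readable verdict; exit status 0 = rule present.
# On a real node run:  check_node "$(iptables-save -t nat)"
check_node() {
  if has_metadata_redirect "$1"; then
    echo "metadata redirect present -> $(metadata_redirect_target "$1")"
    return 0
  fi
  echo "metadata redirect MISSING: pods will get the instance role" \
       "(enable agent.host.iptables: true)"
  return 1
}

# Constructed sample of iptables-save -t nat on a node where the agent installed
# its rule (interface pattern cali+ and port 8181 are assumed values).
SAMPLE_WITH_RULE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 169.254.169.254/32 -i cali+ -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.1.23:8181
COMMIT'

# Constructed sample of a node with no redirect (the situation in this issue).
SAMPLE_WITHOUT_RULE='*nat
:PREROUTING ACCEPT [0:0]
COMMIT'

check_node "$SAMPLE_WITH_RULE"
```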