Since upgrading to Kubernetes 1.20 we no longer get kiam related events on pods due to the use of the deprecated metadata.selfLink field. This was deprecated in Kubernetes 1.16 and removed in 1.20

We see error logs relating to this in kiam-server, example:

ERROR: logging before flag.Parse: E0706 15:08:28.333117       1 event.go:260] Could not construct reference to: '&v1.Pod{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, 
<redacted>
 due to: 'selfLink was empty, can't make reference'. Will not report event: 'Warning' 'KiamCredentialError' 'failed retrieving credentials: AccessDenied: User: arn:aws:sts::<redacted>:assumed-role/<redacted>/<redacted> is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::<redacted>:role/<redacted>'

Looks like it's using EventRecorder from client-go although v7.0.0 looks pretty old, I'm guessing the client libraries will need updating to use a version that constructs the object reference using different fields.

I am also getting the same issues sadly and its effecting my pods ability to access AWS resources:

I am not sure what to do tbh.

also facing this issue (v1.20), with other projects also, example of a related fix kubernetes-csi/external-provisioner#323

In case you want to stage #507 PR's image, I pushed it to docker.io/xjjo/kiam:jjo-fix-issue-484-libs-v0.20, ie use image: xjjo/kiam:jjo-fix-issue-484-libs-v0.20 in the manifests.