amazon-eks-pod-identity-webhook
k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
k8s version: v1.26.5

I am trying to run this pod-identity-webhook on an on-prem cluster. The mutatingwebhook is created fine and the deployment creates pods without any issues. The webhook is not mutating requests. This is what I see in the pod logs:

W0223 04:44:12.616581 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0223 04:44:12.617802 1 main.go:291] Creating server
I0223 04:44:12.617831 1 main.go:312] Listening on :9999 for metrics and healthz
I0223 04:44:12.617937 1 main.go:306] Listening on :443
W0223 04:44:12.629160 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:12.629213 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:13.830045 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:13.830118 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:16.722853 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:16.722907 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:20.647315 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:20.647366 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:29.097820 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:29.097873 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized
W0223 04:44:49.630920 1 reflector.go:539] k8s.io/client-go/informers/factory.go:159: failed to list *v1.ServiceAccount: Unauthorized
E0223 04:44:49.630973 1 reflector.go:147] k8s.io/client-go/informers/factory.go:159: Failed to watch *v1.ServiceAccount: failed to list *v1.ServiceAccount: Unauthorized

What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
- git clone the repo
- cd deploy
- change image in deployment-base.yaml to "amazon/amazon-eks-pod-identity-webhook:0.5.0"
- k apply -f auth.yaml
- for mutatingwebhook, change apiVersion: admissionregistration.k8s.io/v1 instead of v1beta1. *** This is what I think is causing the issue, but we cannot use v1beta1 with 1.26
- k apply -f mutatingwebhook.yaml
- k apply -f deployment-base.yaml
- k apply -f service.yaml
Environment:
- ubuntu 22.04
- k8s version 1.26.5
- Webhook Version: 0.5.0