autoscaler icon indicating copy to clipboard operation
autoscaler copied to clipboard
verified publisher icon kubernetes

Aws Pod Identity provider ,not working

Open vieerD opened this issue 1 year ago • 2 comments

Which component are you using?: I am using aws pod identity provider , i gave admin rights to role , and able to access aws services using same service account

Auto - scaling Is your feature request designed to solve a problem? If so describe the problem this feature should solve.:

Describe the solution you'd like.: I would like to auth using pod identity agent

Describe any alternative solutions you've considered.:

Additional context.: This error it shows Ignoring, HTTP credential provider invalid endpoint host, "169.254.170.23", only loopback hosts are allowed.

This is my file

Name: cluster-autoscaler-6958ff4fc5-dbr6j Namespace: kube-system Priority: 2000000000 Priority Class Name: system-cluster-critical Service Account: cluster-autoscaler Node: ip-10-0-18-146.us-east-2.compute.internal/10.0.18.146 Start Time: Wed, 20 Dec 2023 23:30:51 +0530 Labels: app=cluster-autoscaler pod-template-hash=6958ff4fc5 Annotations: prometheus.io/port: 8085 prometheus.io/scrape: true Status: Running SeccompProfile: RuntimeDefault IP: 10.0.19.200 IPs: IP: 10.0.19.200 Controlled By: ReplicaSet/cluster-autoscaler-6958ff4fc5 Containers: cluster-autoscaler: Container ID: containerd://38da2df28cda2122cdfcc35f11804964e2238b8e95d4c8b55cf9ddecfff84bdf Image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.2 Image ID: registry.k8s.io/autoscaling/cluster-autoscaler@sha256:fe25585a9b4bbf85bb3ee0ea4f84187683b9106f2838f28d8717a6fdacb84501 Port: Host Port: Command: ./cluster-autoscaler --v=4 --stderrthreshold=info --cloud-provider=aws --skip-nodes-with-local-storage=false --expander=least-waste --balance-similar-node-groups --skip-nodes-with-system-pods=false --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/my-cluster2 State: Terminated Reason: Error Exit Code: 255 Started: Wed, 20 Dec 2023 23:31:32 +0530 Finished: Wed, 20 Dec 2023 23:31:34 +0530 Last State: Terminated Reason: Error Exit Code: 255 Started: Wed, 20 Dec 2023 23:31:17 +0530 Finished: Wed, 20 Dec 2023 23:31:18 +0530 Ready: False Restart Count: 2 Limits: cpu: 100m memory: 600Mi Requests: cpu: 100m memory: 600Mi Environment: AWS_STS_REGIONAL_ENDPOINTS: regional AWS_DEFAULT_REGION: us-east-2 AWS_REGION: us-east-2 AWS_CONTAINER_CREDENTIALS_FULL_URI: http://169.254.170.23/v1/credentials AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE: /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token Mounts: /etc/ssl/certs/ca-certificates.crt from ssl-certs (ro) /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qbnbj (ro) /var/run/secrets/pods.eks.amazonaws.com/serviceaccount from eks-pod-identity-token (ro)

vieerD avatar Dec 20 '23 18:12 vieerD

Having the same issue with this exact error message. Updating the version of the aws sdk would probably be sufficient to solve it.

tim-koehler avatar Jan 02 '24 16:01 tim-koehler

/area provider/aws

Shubham82 avatar Jan 09 '24 08:01 Shubham82

Having the same issue with this exact error message. Updating the version of the aws sdk would probably be sufficient to solve it.

Hello mate, did you get this to work?

I'm not getting the same error though, just curious if you ever got this to work with Pod Identity Association. Thanks.

IdoOzeri avatar Jan 22 '24 00:01 IdoOzeri

https://github.com/kubernetes/autoscaler/pull/6325 which is in 1.29.0 version should help. Cause https://docs.aws.amazon.com/eks/latest/userguide/pod-id-minimum-sdk.html

kappa8219 avatar Jan 25 '24 09:01 kappa8219

Yes I have tried that in the meantime also. It is working with cluster autoscaler v1.29

tim-koehler avatar Jan 25 '24 12:01 tim-koehler

@IdoOzeri @vieerD As #6325 resolved this, could you please check it, if it resolved so can we close this Issue

Shubham82 avatar Jan 29 '24 06:01 Shubham82

Now waiting for helm charts to catch up. :)

kappa8219 avatar Jan 29 '24 09:01 kappa8219

@kappa8219, I have opened a PR #6475 for updating the helm chart.

Shubham82 avatar Jan 29 '24 11:01 Shubham82

@kappa8219, I have opened a PR #6475 for updating the helm chart.

Thanks and I thumbed it up :)

kappa8219 avatar Jan 29 '24 11:01 kappa8219

closing this issue, as PR #6475 is merged.

Shubham82 avatar Mar 05 '24 07:03 Shubham82

/close

Shubham82 avatar Mar 05 '24 07:03 Shubham82

@Shubham82: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Mar 05 '24 07:03 k8s-ci-robot