kube-aws-iam-controller icon indicating copy to clipboard operation
kube-aws-iam-controller copied to clipboard

Published 20 hours ago verified publisher icon zalando-incubator

Deprecate pod discovery

Open mikkeloscar opened this issue 5 years ago • 1 comments

Deprecate and later remove the feature of automatically discovering IAM roles by looking at pod with a secret mount named aws-iam-*

The feature is very limited and has been replaced by #13

mikkeloscar avatar Jun 18 '19 06:06 mikkeloscar

How can we stop this pod discovery? as this causing lots of errors in iam-controller pods

Failed to get credentials for role authenticator-token-zrxnp: AccessDenied: User: arn:aws:sts::xxxx:assumed-role/nodes.xxxx/xxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxx:role/authenticator-token-zrxnp\n\tstatus code: 403

we don't have any such role neither awsIamRole CR but we do have aws-iam-authenticator pod and it has secret with aws-iam-authenticator used by same pod

Deepak1100 avatar Mar 01 '22 11:03 Deepak1100