-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Aws Pod Identity provider ,not working #6392
Comments
Having the same issue with this exact error message. |
/area provider/aws |
Hello mate, did you get this to work? I'm not getting the same error though, just curious if you ever got this to work with Pod Identity Association. Thanks. |
#6325 which is in 1.29.0 version should help. Cause https://docs.aws.amazon.com/eks/latest/userguide/pod-id-minimum-sdk.html |
Yes I have tried that in the meantime also. |
Now waiting for helm charts to catch up. :) |
@kappa8219, I have opened a PR #6475 for updating the helm chart. |
Thanks and I thumbed it up :) |
closing this issue, as PR #6475 is merged. |
/close |
@Shubham82: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Which component are you using?:
I am using aws pod identity provider , i gave admin rights to role , and able to access aws services using same service account
Auto - scaling
Is your feature request designed to solve a problem? If so describe the problem this feature should solve.:
Describe the solution you'd like.:
I would like to auth using pod identity agent
Describe any alternative solutions you've considered.:
Additional context.:
This error it shows
Ignoring, HTTP credential provider invalid endpoint host, "169.254.170.23", only loopback hosts are allowed.
This is my file
Name: cluster-autoscaler-6958ff4fc5-dbr6j
Namespace: kube-system
Priority: 2000000000
Priority Class Name: system-cluster-critical
Service Account: cluster-autoscaler
Node: ip-10-0-18-146.us-east-2.compute.internal/10.0.18.146
Start Time: Wed, 20 Dec 2023 23:30:51 +0530
Labels: app=cluster-autoscaler
pod-template-hash=6958ff4fc5
Annotations: prometheus.io/port: 8085
prometheus.io/scrape: true
Status: Running
SeccompProfile: RuntimeDefault
IP: 10.0.19.200
IPs:
IP: 10.0.19.200
Controlled By: ReplicaSet/cluster-autoscaler-6958ff4fc5
Containers:
cluster-autoscaler:
Container ID: containerd://38da2df28cda2122cdfcc35f11804964e2238b8e95d4c8b55cf9ddecfff84bdf
Image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.2
Image ID: registry.k8s.io/autoscaling/cluster-autoscaler@sha256:fe25585a9b4bbf85bb3ee0ea4f84187683b9106f2838f28d8717a6fdacb84501
Port:
Host Port:
Command:
./cluster-autoscaler
--v=4
--stderrthreshold=info
--cloud-provider=aws
--skip-nodes-with-local-storage=false
--expander=least-waste
--balance-similar-node-groups
--skip-nodes-with-system-pods=false
--node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/my-cluster2
State: Terminated
Reason: Error
Exit Code: 255
Started: Wed, 20 Dec 2023 23:31:32 +0530
Finished: Wed, 20 Dec 2023 23:31:34 +0530
Last State: Terminated
Reason: Error
Exit Code: 255
Started: Wed, 20 Dec 2023 23:31:17 +0530
Finished: Wed, 20 Dec 2023 23:31:18 +0530
Ready: False
Restart Count: 2
Limits:
cpu: 100m
memory: 600Mi
Requests:
cpu: 100m
memory: 600Mi
Environment:
AWS_STS_REGIONAL_ENDPOINTS: regional
AWS_DEFAULT_REGION: us-east-2
AWS_REGION: us-east-2
AWS_CONTAINER_CREDENTIALS_FULL_URI: http://169.254.170.23/v1/credentials
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE: /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-token
Mounts:
/etc/ssl/certs/ca-certificates.crt from ssl-certs (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qbnbj (ro)
/var/run/secrets/pods.eks.amazonaws.com/serviceaccount from eks-pod-identity-token (ro)
The text was updated successfully, but these errors were encountered: