sns-controller doesn't work with Pod Identity associations
Closed this issue · 2 comments
nicraMarcin commented
Describe the bug
Setting Pod Identity associations in EKS with Amazon EKS Pod Identity Agent v1.3.0-eksbuild.1 doesn't work
2024/08/28 05:28:15 Ignoring, HTTP credential provider invalid endpoint host, "169.254.170.23", only loopback hosts are allowed. <nil>
2024-08-28T05:28:15.650Z ERROR setup Unable to create controller manager {"aws.service": "sns", "error": "unable to determine account ID: unable to get caller identity: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainV
erboseErrors"}
main.main
/github.com/aws-controllers-k8s/sns-controller/cmd/controller/main.go:71
runtime.main
/usr/local/go/src/runtime/proc.go:250 Other controllers like s3, eks works
Steps to reproduce
Add EKS Pod Identity Agent, create association pod's serviceAccount with IAM Role, restart service.
Service gets such variables from agent:
AWS_STS_REGIONAL_ENDPOINTS: regional
AWS_CONTAINER_CREDENTIALS_FULL_URI: http://169.254.170.23/v1/credentials
AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE: /var/run/secrets/pods.eks.amazonaws.com/serviceaccount/eks-pod-identity-tokenEnvironment
- Kubernetes version 1.29
- Using EKS (yes/no), if so version? YES
- AWS service targeted (S3, RDS, etc.) SNS
a-hilaly commented
Hi @nicraMarcin i have played with ACK controllers under PIA before and they worked as expected. Are you still running into this issue? if yes, can provide some manifests we can use to reproduce and provide feedback?
nicraMarcin commented
Hi,
thank you for your answer and I'm sorry for confusion. I didn't notice that I installed older version 1.0.1.
I've upgraded it to 1.0.13 and works.
Thank you