You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happened?
Configured Controller to use Pod Identities rather than IRSAv1
What you expected to happen?
Expect the controller to get credentials from the Pod Identity Agent (DaemonSet)
How to reproduce it (as minimally and precisely as possible)?
Create an IAM role with a Pod Identity trust policy. Assign the AmazonEBSCSIDriver policy to the role. Create an Access Entry for the controller's ServiceAccount that maps to the role.
Anything else we need to know?:
The controller throws an error when trying to get credentials. 169.254.170.23 is the IP address of the credential endpoint for Pod Identities.
E1214 16:38:22.116057 1 driver.go:125] "GRPC error" err=<
rpc error: code = Internal desc = Could not create volume "pvc-fe9ed2a2-72c3-4c5c-b4a8-fa5c822981b6": could not create volume in EC2: NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
SharedCredsLoad: failed to load profile, .
CredentialsEndpointError: invalid endpoint host, "169.254.170.23", only loopback hosts are allowed.
Environment
Kubernetes version (use kubectl version): EKS 1.27
Driver version: v1.25.0-eksbuild.1
The text was updated successfully, but these errors were encountered:
Hi @jicowan, this is because the current version of the driver (v1.25.0) was released prior to the release of EKS Pod Identities.
The next version of the driver (v1.26.0) is currently undergoing release (started today), and will use an updated AWS SDK with EKS pod identity support. I'll update this issue when the release is completed and it is available.
EBS CSI Driver v1.26.0 has been released and uses an updated AWS SDK with EKS pod identity support.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/kind bug
What happened?
Configured Controller to use Pod Identities rather than IRSAv1
What you expected to happen?
Expect the controller to get credentials from the Pod Identity Agent (DaemonSet)
How to reproduce it (as minimally and precisely as possible)?
Create an IAM role with a Pod Identity trust policy. Assign the AmazonEBSCSIDriver policy to the role. Create an Access Entry for the controller's ServiceAccount that maps to the role.
Anything else we need to know?:
The controller throws an error when trying to get credentials. 169.254.170.23 is the IP address of the credential endpoint for Pod Identities.
Environment
kubectl version
): EKS 1.27The text was updated successfully, but these errors were encountered: