awslabs / amazon-ecr-credential-helper

Automatically gets credentials for Amazon ECR on docker push/docker pull
Apache License 2.0

No auth basic when using Web Identities IAM role over Kubernetes ServiceAccount [EKS 1.21] #293

Open scila1996 opened 3 years ago

scila1996 commented 3 years ago

Hi

I have an EKS cluster on the newest version, EKS 1.21, and I run a pod with a docker:dind container on an EC2 worker. All my node groups have a role for ECR, and my cluster is also registered with OIDC. I want to pull Docker images from another ECR account without AWS config, using an IAM role with a service account. This is the error in the log:

time="2021-09-27T04:30:23Z" level=debug msg="Calling ECR.GetAuthorizationToken" registry=285484073914
time="2021-09-27T04:30:27Z" level=error msg="Error retrieving credentials" error="ecr: Failed to get authorization token: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

But in EKS 1.19, it worked without this error!

prasunsultania commented 2 years ago

I ran into a similar error with Kaniko, which uses this as its underlying library, when trying to push images to ECR. I am using EKS 1.21.

E0112 11:20:49.585270 1 aws_credentials.go:77] while getting AWS credentials NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "xxxx.dkr.ecr.us-west-2.amazonaws.com/uitests:dev-latest": POST https://xxxx.dkr.ecr.us-west-2.amazonaws.com/v2/uitests/blobs/uploads/: unexpected status code 401 Unauthorized: Not Authorized