Open jh-sz opened 4 years ago
@jh-sz Could you show how you're having the role self reference itself for the trust relationship? I've tried several things and none of them are working.
Hey @tycoles, I was just modifying that inside the AWS console to prove that it's the case. But I believe you can use aws cli update-assume-role-policy to do that. And if you were referring to Terraform, AFAIK I don't think that would work. Terraform only allows adding an assume role policy on role creation, and you can't refer to a role that hasn't been created.
The way I have done it myself is to create a third role to fall back to with the AWS permissions I need and use the role as the --default in kube2iam args
Not sure if this is the expected behaviour, in my case, I have some pods that I just want them to use the default role. But I am seeing errors that:
The logs from kube2iam pod, for the above container:
Should this be getting the credentials from the `wantedRole`, if `wantedRole` is the same as `default`? https://github.com/jtblin/kube2iam/blob/c39e3cb489537b9fe240e53ac194ab3bbea785af/server/server.go#L335-L342

Workaround: Adding itself to the trusted relationship seems to be working
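
The workaround discussed in this thread (the role listing itself in its own trust relationship), as an added example that is not code from the issue or from kube2iam. The account ID, role names and the helper `add_self_trust` are constructed for illustration; the helper appends a statement that trusts only the role's exact ARN and changes nothing if that trust already exists.

```python
import copy
import json

# Constructed sample values, not taken from the issue.
ROLE_ARN = "arn:aws:iam::123456789012:role/kube2iam-default"
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/k8s-node"},
        "Action": "sts:AssumeRole",
    }],
}

def _as_list(value):
    """IAM allows a bare string where a list is expected; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def _trusts(stmt, role_arn):
    """True if stmt unconditionally allows role_arn to call sts:AssumeRole."""
    principal = stmt.get("Principal")
    return (stmt.get("Effect") == "Allow"
            and "Condition" not in stmt
            and "sts:AssumeRole" in _as_list(stmt.get("Action"))
            and isinstance(principal, dict)
            and role_arn in _as_list(principal.get("AWS")))

def add_self_trust(trust_policy, role_arn):
    """Return a copy of trust_policy in which role_arn may assume the role."""
    policy = copy.deepcopy(trust_policy)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    policy["Statement"] = statements
    if not any(_trusts(s, role_arn) for s in statements):
        # Trust the exact role ARN only, never the account root or a wildcard.
        statements.append({
            "Sid": "AllowSelfAssume",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": "sts:AssumeRole",
        })
    return policy

if __name__ == "__main__":
    print(json.dumps(add_self_trust(SAMPLE_TRUST_POLICY, ROLE_ARN), indent=2))
```

The printed document can be saved to a file and applied with `aws iam update-assume-role-policy --role-name <role> --policy-document file://<file>`, the command mentioned in the thread.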