I am running application pods in the default namespace. If I try to fetch the credentials:
curl http://169.254.169.254/latest/meta-data/iam/security-credentials
I get correctly: unable to find role for IP 100.98.143.218
I've recently created a new namespace for the ingress controller:
In that namespace there is a deployment without the iam.amazonaws.com/role annotation. When I try to fetch credentials from within the pod of that deployment, I get full node credentials: nodes.v2.k8s.local/
I would assume that by default kube2iam restricts IAM access and only allows one, once specified, e.g. as mentioned here: https://github.com/jtblin/kube2iam#namespace-restrictions
Is my assumption correct, or perhaps there is a bug in kube2iam, or perhaps there is a misconfiguration on my end?
I would appreciate any help on this topic.
Thanks.
kube2iam.yaml