Closed adeelahmadch closed 10 months ago
Never mind, I was able to resolve this issue by modifying the IAM role (externally), and then I forced kops to ignore the changes to the role using:

```
kops update cluster --lifecycle-overrides IAMRole=ExistsAndWarnIfChanges
```
/kind feature
1. Describe IN DETAIL the feature/behavior/change you would like to see.

With the recent changes made by AWS to IAM role trust policy behavior (1), in specific use cases you need to allow instance roles to assume themselves explicitly. Components like kube2iam (2) rely on this behaviour. However, I believe this is currently hardcoded in the kOps code (3), and it's not configurable by additional policies (4).

(1): https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/
(2): https://github.com/jtblin/kube2iam
(3): https://github.com/kubernetes/kops/blob/v1.28.2/pkg/model/awsmodel/iam.go#L49
(4): https://kops.sigs.k8s.io/iam_roles/#adding-additional-policies

Cloud Provider: AWS
kOps Version: v1.28.2
2. Feel free to provide a design supporting your feature request.
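
Added example, not part of the original issue and not kOps code: a check for whether a role's trust policy explicitly names the role itself as a principal for `sts:AssumeRole`, which is the condition the request above is about. The role ARN and both policy documents are constructed samples, `trusts_itself` is a hypothetical helper name, and `Condition` blocks are not evaluated.

```python
import json

# Constructed sample values (placeholder account ID and role name).
ROLE_ARN = "arn:aws:iam::111122223333:role/nodes.example.k8s.local"

# Trust policy that only lets the EC2 service assume the role.
EC2_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
})

# Same policy with an explicit self-trust statement added.
WITH_SELF_TRUST = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"Service": "ec2.amazonaws.com"},
         "Action": "sts:AssumeRole"},
        {"Effect": "Allow",
         "Principal": {"AWS": [ROLE_ARN]},
         "Action": ["sts:AssumeRole"]},
    ],
})


def _as_list(value):
    """IAM JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trusts_itself(role_arn, trust_policy):
    """True if an Allow statement names role_arn as an AWS principal for
    sts:AssumeRole. Only explicit ARN matches count; Conditions are ignored."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict) and role_arn in _as_list(principal.get("AWS")):
            return True
    return False
```

Running this against the trust policy of each instance role before and after an external edit shows whether the self-trust statement is actually present.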