Reputation: 13837
How to create AWS IAM role with ServiceAccount and attach to Kubernetes DaemonSet
I found that documentation that we can add AWS IAM role to kubernetes serviceaccount and attach to Pods. And what I'm supposed to do is I want to attach that service account to DaemonSet instead of Pods level permission. But I configured same as that documentation and attached to DaemonSet but I've encountered following error message after that:
Aws::STS::Errors::AccessDenied error="Not authorized to perform sts:AssumeRoleWithWebIdentity
Is that meant those type of serviceaccount with IAM role cannot be attached to DaemonSet?
Upvotes: 1
Views: 359
Answers (1)
Reputation: 8840
Is that meant those type of serviceaccount with IAM role cannot be attached to DaemonSet?
No,there shouldn't be any issues with that. I checked here and there is an example with service account in a deployment.
As @PPShein mentioned in comments the issue occurs because he forgot to add the openid_url.
Please refer to this and this documentation.
Upvotes: 1
Related Questions
- AWS IAM Role - AccessDenied error in one pod
- How to assign AWS IAM Role to Service Account with Terraform?
- How to allow an assume role connect from EC2 to EKS on AWS?
- eks iam roles for services account not working
- How to make k8s Pod (generated by Jenkins) use Service account IAM role to access AWS resources
- Kubernetes Service Account and AWS IAM Role for Secrets
- Attach IAM Role to Serviceaccount from a Pod in EKS
- Attach IAM role using cloudformation
- Pass Role to docker container running on kubernetes
- aws-iam-authenticator daemon set not running