Reputation: 13837
I found that documentation that we can add AWS IAM role to kubernetes serviceaccount and attach to Pods. And what I'm supposed to do is I want to attach that service account to DaemonSet instead of Pods level permission. But I configured same as that documentation and attached to DaemonSet but I've encountered following error message after that:
Aws::STS::Errors::AccessDenied error="Not authorized to perform sts:AssumeRoleWithWebIdentity
Is that meant those type of serviceaccount with IAM role cannot be attached to DaemonSet?
Upvotes: 1
Views: 359
Reputation: 8840
Is that meant those type of serviceaccount with IAM role cannot be attached to DaemonSet?
No,there shouldn't be any issues with that. I checked here and there is an example with service account in a deployment.
As @PPShein mentioned in comments the issue occurs because he forgot to add the openid_url
.
Please refer to this and this documentation.
Upvotes: 1