I am running application pods in the default namespace. If I try to fetch the credentials: curl http://169.254.169.254/latest/meta-data/iam/security-credentials, I correctly get: unable to find role for IP 100.98.143.218
I've recently created a new namespace for the ingress controller:
In that namespace there is a deployment without the iam.amazonaws.com/role annotation.
When I try to fetch credentials from within the pod of that deployment, I get the full node credentials: nodes.v2.k8s.local/
I would assume that by default kube2iam restricts IAM access and only allows one, once specified, e.g. as mentioned here: https://github.com/jtblin/kube2iam#namespace-restrictions
Is my assumption correct, or perhaps there is a bug in kube2iam, or perhaps there is a misconfiguration on my end?
I would appreciate any help on this topic.
Thanks.
kube2iam.yaml