You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a cluster with IRSA credentials outside of EKS.
Create an Role resource
What happened?
I've expected the provider to authenticate with STS endpoint like others do. Unfortunately due to the lack of region provider attempts to call STS endpoint without region and fails. It attempts to call sts..amazonaws.com which is clearly wrong.
Relevant Error Output Snippet
Warning CannotConnectToProvider 9m34s (x29 over 32m) managed/iam.aws.upbound.io/v1beta1, kind=role cannot initialize the Terraform plugin SDK async external client: cannot get terraform setup: cache manager failure: cannot retrieve the AWS account ID: GetCallerIdentity query failed: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts..amazonaws.com/": dial tcp: lookup sts..amazonaws.com: no such host
For the kubernetes distribution you use, I am not sure how IRSA-related configuration is injected, e.g. how eks.amazonaws.com/role-arn annotation is handled. I assume that these are not automatically injected by your distribution. Could you specify a bit more about how your environment looks like?
Is there an existing issue for this?
Affected Resource(s)
Resource MRs required to reproduce the bug
Steps to Reproduce
What happened?
I've expected the provider to authenticate with STS endpoint like others do. Unfortunately due to the lack of region provider attempts to call STS endpoint without region and fails. It attempts to call
sts..amazonaws.com
which is clearly wrong.Relevant Error Output Snippet
Warning CannotConnectToProvider 9m34s (x29 over 32m) managed/iam.aws.upbound.io/v1beta1, kind=role cannot initialize the Terraform plugin SDK async external client: cannot get terraform setup: cache manager failure: cannot retrieve the AWS account ID: GetCallerIdentity query failed: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, failed to retrieve credentials, operation error STS: AssumeRoleWithWebIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts..amazonaws.com/": dial tcp: lookup sts..amazonaws.com: no such host
Crossplane Version
1.15.2
Provider Version
1.4.0
Kubernetes Version
1.29.4
Kubernetes Distribution
k0s
Additional Info
A simple addition of
in the DeploymentRuntimeConfig fixes the issue.
The text was updated successfully, but these errors were encountered: