ERROR, Missing credentials in config

[sc-steven]

k8s Version: v1.18.9-eks
kubernetes-external-secrets Version: 6.1.0

Getting the title of this ticket as a status message when running

> kubectl get externalsecrets -n namespace service-name -o yaml

spec:
  backendType: secretsManager
  data:
  - key: service-name/secret_key_1-5Lzgxi
    name: secret_key_1
    property: null
  - key: service-name/secret_key_2-5Lzgxi
    name: secret_key_2
    property: null
  region: us-east-1
  roleArn: arn:aws:iam::123456789:role/eks01-us-dev-service-name
status:
  lastSync: "2021-01-12T07:02:21.180Z"
  observedGeneration: 1
  status: ERROR, Missing credentials in config

When i have a shell on the pod i have run the following and am able to access the details as looking at prior tickets it was common that the fsGroup role could be the issue but we have it set as follows also

securityContext:
  runAsNonRoot: true
  fsGroup: 65534

bash-4.3# printenv | grep AWS_
AWS_ROLE_ARN=arn:aws:iam::123456789:role/eks01-us-dev-service-name
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token
AWS_DEFAULT_REGION=us-east-1
AWS_REGION=us-east-1

bash-4.3# cat /var/run/secrets/eks.amazonaws.com/serviceaccount/token
<token is shown>

Not sure what else to check as to why it is still trying to look for the AWS Keys in the Config when we are only using IRSA.

[Flydiverny]

Duplicate #597 and plenty of others. The process is using the node user (uid 1000), make sure it can read the token.

[sc-steven]

I have tested using fsGroup as 1000 and still get the same status error.

@Flydiverny how do i test that the user can access the token? i thought i showed that above...

[adecchi-2inno]

Any feedback ? I have the same issue. Someone can give some tips ?

[Flydiverny]

If you are new to setting up KES please see and consider starting off with ESO instead.
#864