- 最新
- 最多得票
- 最多評論
The error indicates an issue with the trust relationship between the IAM role used by the AWS Load Balancer Controller pod and the OIDC provider for your EKS cluster. A few things to check:
Verify the IAM role trusts the correct OIDC provider for your EKS cluster and allows the sts:AssumeRoleWithWebIdentity action. It should reference the pod's service account ARN and sts.amazonaws.com audience.
Confirm the OIDC provider ID matches what was used when creating the EKS cluster. You can get this from the EKS console.
Check the AWS Load Balancer Controller deployment is using the correct service account name and namespace.
Make sure any mutating webhooks are not modifying the pod's service account details.
To troubleshoot further, you can describe the IAM role trust policy and also get the mutating webhook configurations:
aws iam get-role --role-name ROLE_NAME kubectl get mutatingwebhookconfiguration
相關內容
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前