with TTY=true the EKS IRSA does not work
Description
I built a Docker image of nerdctl with awscli also. I run the nerdctl Pod in EKS with a service account (IRSA in EKS):

```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: nerdctl
  name: nerdctl
  namespace: jenkins
spec:
  serviceAccountName: jenkins-sa
  containers:
  - name: nerdctl
    image: xxxx/nerdctl-full:latest
    tty: true
    securityContext:
      privileged: true
      runAsUser: 0
  restartPolicy: Always
```

The Pod can start successfully. However, the token for the SA cannot be injected into the Pod.

```
root@nerdctl:/# aws sts get-caller-identity
[Errno 2] No such file or directory: '/var/run/secrets/eks.amazonaws.com/serviceaccount/token'
root@nerdctl:/# ps -aux
```
If I remove the tty and add a sleep command for the container, the SA works in the Pod; however, the nerdctl build function does not work.

```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: nerdctl
  name: nerdctl
spec:
  serviceAccountName: jenkins-sa
  containers:
  - name: nerdctl
    image: xxxx/nerdctl-full:latest
    command:
    - sleep
    args:
    - 99d
    securityContext:
      privileged: true
      runAsUser: 0
  restartPolicy: Always
```
Error:
```
nerdctl build -t xxxxx.dkr.ecr.ap-southeast-1.amazonaws.com/java-demo:202310-01-amd64 .
buildctl needs to be installed and buildkitd needs to be running, see https://github.com/moby/buildkit" error="failed to ping to host unix:///run/buildkit-default/buildkitd.sock: exit status 1\nfailed to ping to host unix:///run/buildkit/buildkitd.sock: exit status 1"
no buildkit host is available, tried 2 candidates: failed to ping to host unix:///run/buildkit-default/buildkitd.sock: exit status 1\nfailed to ping to host unix:///run/buildkit/buildkitd.sock: exit status 1
```
Steps to reproduce the issue
Describe the results you received and expected
Should be no errors.
What version of nerdctl are you using?
latest
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response