eksctl-io
[Help] Command `create podidentityassociation` doesn't create SA for me
OS: macOS Monterey
eksctl: installed from homebrew, 0.169.0
Recently, the feature EKS Pod Identity was released, and I would like to understand the differences between eksctl create iamserviceaccount -f config.yaml and eksctl create podidentityassociation -f config.yaml. Because it seems inconsistent to me.
When I first used the create iamserviceaccount command with the yaml file below, eksctl created both a Service Account (SA) and an AWS Role for me.
iam:
withOIDC: true # Enable IRSA(IAM Roles for Service Accounts)
serviceAccounts:
- metadata:
name: aws-load-balancer-controller
namespace: kube-system
wellKnownPolicies:
awsLoadBalancerController: true
However, when I used the create podidentityassociation command with the yaml file below, eksctl only created a pod identity association and an AWS Role, but did not create a Service Account(it doesn't exist). I'm trying to understand if this behavior is expected.
iam:
podIdentityAssociations:
- namespace: kube-system
serviceAccountName: aws-load-balancer-controller
roleName: eks-aws-load-balancer-controller
wellKnownPolicies:
awsLoadBalancerController: true
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}