-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.14
We only intend (at the moment) to backport the pod identity webhook to 4.14. The original text of the card is below:
---------------------------------------------------------------------------------
Description of problem:
Openshift 4.11 still relies on v0.1.0 of aws-pod-identity-webhook (used by openshift-cloud-credential-operator) which is already almost 3 years old and contains several issues that have been fixed in the meantime in the upstream AWS project (latest release 0.4.0): https://github.com/openshift/aws-pod-identity-webhook
We understand that it is on downstream forked but we're interested in at least, an specific backport. The specific issue that customer is facing is setting `eks.amazonaws.com/sts-regional-endpoints: "true"` on a SA whose NS is labelled with `pod-identity-webhook/mutate=true` does not work
See issue fixed in 0.3.0: https://github.com/aws/amazon-eks-pod-identity-webhook/pull/120).
Version-Release number of selected component (if applicable):
- OpenShift Container Platform 4.11
How reproducible:
Explained in the pull request fix.
Steps to Reproduce:
Explained in the pull request fix.
Actual results:
- Setting eks.amazonaws.com/sts-regional-endpoints: "true"` on a SA whose NS is labelled with `pod-identity-webhook/mutate=true` does not work
Expected results:
To backport issue fixed in 0.3.0: https://github.com/aws/amazon-eks-pod-identity-webhook/pull/120).
Additional info:
- clones
-
-
- Closed
-
- depends on
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
- links to
-
RHBA-2023:7470
OpenShift Container Platform 4.14.z bug fix update
