Description of problem:
Openshift 4.11 still relies on v0.1.0 of aws-pod-identity-webhook (used by openshift-cloud-credential-operator) which is already almost 3 years old and contains several issues that have been fixed in the meantime in the upstream AWS project (latest release 0.4.0): https://github.com/openshift/aws-pod-identity-webhook
We understand that it is on downstream forked but we're interested in at least, an specific backport. The specific issue that customer is facing is setting `eks.amazonaws.com/sts-regional-endpoints: "true"` on a SA whose NS is labelled with `pod-identity-webhook/mutate=true` does not work
See issue fixed in 0.3.0: https://github.com/aws/amazon-eks-pod-identity-webhook/pull/120).
Version-Release number of selected component (if applicable):
- OpenShift Container Platform 4.11
How reproducible:
Explained in the pull request fix.
Steps to Reproduce:
Explained in the pull request fix.
Actual results:
- Setting eks.amazonaws.com/sts-regional-endpoints: "true"` on a SA whose NS is labelled with `pod-identity-webhook/mutate=true` does not work
Expected results:
To backport issue fixed in 0.3.0: https://github.com/aws/amazon-eks-pod-identity-webhook/pull/120).
Additional info:
- is cloned by
-
OCPBUGS-21761 Backport aws-pod-identity-webhook to 4.14
-
- Closed
-
-
-
- Closed
-
- relates to
-
CCO-428 Rebase upstream aws-pod-identity-webhook
-
- Closed
-
-
OCPSTRAT-910 Rebase AWS Pod Identity Webhook to v0.4.0
-
- Closed
-
- links to
