Story
Resolution: Unresolved
Make sure the CSI driver node daemonset has permission to call:
- efs.DescribeMountTargets
- ec2.DescribeAvailabilityZones
Currently, the daemonset Pods use the node's AWS identity, which does not have these permissions.
Investigate:
- Update the node's role (Jan thinks it's created during installation and never updated).
- Or add a new role in AWS (= new CredentialsRequest) and assign it to the node driver pods. Adding a new CredentialsRequest requires manual work by the cluster admin during upgrade when using STS: the cluster admin must create the role in AWS and its secret in OCP before the driver upgrade!
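
A sketch of what the second option could look like, as an added example that is not taken from this ticket or from the operator's repository: a dedicated CredentialsRequest that grants only the two calls listed above (written in IAM action form) to the node driver's service account, instead of widening the node's own role. The object name, secret name, service account name and target namespace are hypothetical placeholders.

```yaml
apiVersion: cloudcredential.openshift.io/v1
kind: CredentialsRequest
metadata:
  # Hypothetical name for a request that is separate from the controller's.
  name: aws-efs-csi-driver-node
  namespace: openshift-cloud-credential-operator
spec:
  providerSpec:
    apiVersion: cloudcredential.openshift.io/v1
    kind: AWSProviderSpec
    statementEntries:
    # Only the read-only calls the node daemonset needs; nothing that
    # creates, modifies or deletes EFS or EC2 resources.
    - effect: Allow
      action:
      - elasticfilesystem:DescribeMountTargets
      - ec2:DescribeAvailabilityZones
      resource: "*"
  secretRef:
    # Hypothetical secret the node driver pods would mount. In STS mode the
    # cluster admin creates the IAM role and this secret by hand before
    # the driver upgrade.
    name: aws-efs-node-cloud-credentials
    namespace: openshift-cluster-csi-drivers   # assumed driver namespace
  serviceAccountNames:
  # Hypothetical service account used by the node daemonset pods.
  - aws-efs-csi-driver-node-sa
```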