migrate-to-pod-identity
incorrectly updates EKS addons to use pod identity
#7752
Labels
migrate-to-pod-identity
incorrectly updates EKS addons to use pod identity
#7752
When running
eksctl utils migrate-to-pod-identity --remove-oidc-provider-trust-relationship --approve
on a cluster where a managed EKS addon likevpc-cni
is using IRSA, it incorrectly migrates the addon to use pod identity by removing the OIDC provider trust relationship from the service account role and removing the IRSA annotation, potentially breaking the addon for older versions that do not support pod identity. EKS addons do not officially support pod identity (although newer versions work), so they should be skipped during migration.A sample config to reproduce this issue:
The text was updated successfully, but these errors were encountered: