hnsvetu 应该是AWS_WEB_IDENTITY_TOKEN_FILE挂载路径的问题了
volumeMounts:
- name: aws-iam-token
mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount/
volumes:
- name: aws-iam-token
projected:
sources:
- serviceAccountToken:
audience: sts.amazonaws.com
expirationSeconds: 86400
这里的 aws-iam-token 是从哪里来的呢? AWS_WEB_IDENTITY_TOKEN_FILE 的路径应该是 serviceaccount 的token 的挂载路径,不知道eks 中有没有特殊处理, 可以试试用 /var/run/secrets/kubernetes.io/serviceaccount/token
