I'm trying to assume a role when accessing my EKS cluster with kubectl. In my kubeconfig, under the user: section, I've got aws eks get-token --cluster-name --role <myrolearn>... I'm expecting the get-token call to be run prior to my kubectl call and used in my kubectl call, thus ignoring whatever AWS config I've got set up via ~/.aws/credentials. Am I understanding this correctly?
I believe it is indeed assuming the role: I can see the last activity on the role updating as I kubectl.
However, some kubectl actions fail in the cluster with this error message: error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: the server has asked for the client to provide credentials
Oddly, if I change my AWS config via ~/.aws/credentials to that of the cluster creator, these errors go away.