+++ This bug was initially created as a clone of Bug #2002808 +++

Description of problem:
See https://github.com/kubernetes/kubernetes/pull/104314#issue-709659173

Version-Release number of selected component (if applicable):
4.8

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
role_arn and web_identity_token_file are not used by the custom AWS credential chain defined by the in-tree cloud provider.

Expected results:
Default credential chain is used and web identity credentials work.

Additional info:
A number of customers are wanting OCP run with only STS credentials (no user access ids/keys). This is recommended by AWS. Hypershift is doing this. OCP can't run in STS-only mode until this is fixed.
Fixed in https://github.com/openshift/kubernetes/pull/985
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.9.8 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4712
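
As an added illustration of the STS-only requirement in the bug description (this is not code from the bug report, Kubernetes or OpenShift), the following Go check reads an AWS shared-config style profile and reports whether it relies only on `role_arn` and `web_identity_token_file` or still carries long-lived keys. The INI layout, the function names `parseProfile` and `classify`, and the sample values are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample profile in the web identity form (all values are placeholders).
const sampleSTS = `[default]
role_arn = arn:aws:iam::123456789012:role/example-role
web_identity_token_file = /var/run/secrets/example/token`

// parseProfile returns the key/value pairs of one profile from INI-style text.
func parseProfile(ini, profile string) map[string]string {
	kv, current := map[string]string{}, ""
	for _, raw := range strings.Split(ini, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue // comment line
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			// Accept both "[name]" and "[profile name]" section headers.
			current = strings.TrimSpace(strings.TrimPrefix(strings.Trim(line, "[]"), "profile "))
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok && current == profile {
			kv[strings.ToLower(strings.TrimSpace(k))] = strings.TrimSpace(v)
		}
	}
	return kv
}

// classify labels a profile by the kind of credential material it holds.
func classify(kv map[string]string) string {
	sts := kv["role_arn"] != "" && kv["web_identity_token_file"] != ""
	static := kv["aws_access_key_id"] != "" || kv["aws_secret_access_key"] != ""
	switch {
	case sts && static:
		return "mixed" // long-lived keys still present next to the role
	case sts:
		return "sts-only"
	case static:
		return "static-keys"
	}
	return "incomplete" // neither a full web identity pair nor a key pair
}

func main() {
	fmt.Println(classify(parseProfile(sampleSTS, "default")))
}
```

A result of `mixed` or `static-keys` means user access keys are still present, so the profile does not meet the STS-only goal described in the report.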