Incomplete setup documentation

[instaastro]

I have tried to seutp kube-aws-iam-controller as documented but have not been able to do so even after several attempts. At first instance I got error when applying the deployment that kube-aws-iam-controller service account not found. I explicitly created service-account and granted clusterwide role to get, list and watch secrets (which is undocumented). After this the deployment succeeds but I get the following error from the pod:

level=error msg="secrets is forbidden: User \"system:serviceaccount:kube-system:kube-aws-iam-controller\" cannot list resource \"secrets\" in API group \"\" at the cluster scope"

[linki]

Double check your deployment files and compare them with what's documented here: https://github.com/zalando-incubator/kube-aws-iam-controller/tree/master/docs

The service account and cluster role are defined there. You might got the error initially because the rbac.yaml is applied after the deployment.yaml. This should work during the second run.

Please also paste the contents of your ClusterRoleBinding and ClusterRole.