You have kubernetes cluster running. You decided to add aws-iam-authenticator to this cluster so that users can be authenticated using AWS. You added “authentication: aws: {}” to cluster yaml. The pods get created after running kops update cluster command. But the pods are erroring with the below error –

level=fatal msg="could not load/generate a certificate" error="open /var/aws-iam-authenticator/cert.pem: permission denied"


You have added configmap for the pod but still aws-iam-authenticator pod showing error.

You have to restart each master node one by one. This way when the master node joins the cluster, it creates the aws-iam-authenticator pod on that master node and it starts with out error. Once the master node is connected, restart others in sequence.