I have a role in my Kubernetes cluster using IRSA. The role it points to in AWS is configured in Vault to allow access to an endpoint. I noticed cert-manager has a JWT via Kubernetes service account auth pathway, but this doesn’t seem to work with JWT tokens from service accounts that ultimately refer to AWS auth pathways in Vault.
Has anybody cracked this or is this just missing functionality and you are forced to use AppRoles or JWT via Kubernetes alone?