apiVersion: v1
kind: Pod
metadata:
  name: balajilovesoreos
  annotations:
    testing.eks.amazonaws.com/skip: "false"
    testing.eks.amazonaws.com/serviceAccount/roleArn: "arn:aws:iam::111122223333:role/s3-reader"
    testing.eks.amazonaws.com/serviceAccount/audience: "sts.amazonaws.com"
    testing.eks.amazonaws.com/expectedPatch: '[{"op":"add","path":"/spec/containers","value":[{"name":"balajilovesoreos","image":"amazonlinux","env":[{"name":"AWS_ROLE_ARN","value":"arn:aws:iam::111122223333:role/s3-reader"},{"name":"AWS_WEB_IDENTITY_TOKEN_FILE","value":"/var/run/secrets/eks.amazonaws.com/serviceaccount/token"}],"resources":{},"volumeMounts":[{"name":"aws-iam-token","mountPath":""}]}]}]'
spec:
  containers:
  - image: amazonlinux
    name: balajilovesoreos
    volumeMounts:
      - name: aws-iam-token
        path: /path/to/token
  serviceAccountName: default
  volumes:
    - name: aws-iam-token
      hostPath:
        path: /path/to/token