Unauthorized for Token-based Authorization
vitali-s opened this issue · 2 comments
vitali-s commented
While it's working with standard Kubernetes provider, k8s returns:
Error: Unauthorized
on main.tf line 1, in resource "k8s_manifest" "this":
1: resource "k8s_manifest" "this" {
Provider configuration:
provider "k8s" {
load_config_file = "false"
host = var.host
cluster_ca_certificate = base64decode(data.aws_eks_cluster.k8s_provider.certificate_authority.0.data)
token = data.aws_eks_cluster_auth.k8s_provider.token
}
Provider version: 0.8.2
bonifaido commented
TBH I can't make this work with the standard Kubernetes provider neither, gives the same error message:
provider "aws" {
region = "us-east-2"
}
data "aws_eks_cluster" "example" {
name = "..."
}
data "aws_eks_cluster_auth" "example" {
name = "..."
}
provider "kubernetes" {
load_config_file = "false"
host = data.aws_eks_cluster.example.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.example.certificate_authority.0.data)
token = data.aws_eks_cluster_auth.example.token
}
resource "kubernetes_job" "demo" {
metadata {
name = "demo"
}
spec {
template {
metadata {}
spec {
container {
name = "pi"
image = "perl"
command = ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
}
restart_policy = "Never"
}
}
backoff_limit = 4
}
}
kubernetes_job.demo: Creating...
Error: Failed to create Job! API error: Unauthorized
on main.tf line 34, in resource "kubernetes_job" "demo":
34: resource "kubernetes_job" "demo" {
bonifaido commented
The issue in my case was that my IAM user with I was running terraform with wasn't listed in the aws-auth
ConfigMap. After adding that the k8s
provider (and the kubernetes
providers as well) works just fine.
kubectl edit configmap -n kube-system aws-auth
# add your users to the mapUsers
# Save
terraform apply