terraform-provider-argocd icon indicating copy to clipboard operation
terraform-provider-argocd copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

Executable argocd-k8s-auth failed with exit code 20

Open ievgen-golubiev opened this issue 3 years ago • 1 comments
trafficstars

I have the problem when I trying to create argocd_cluster. Here is the error message:

2022-07-18T18:28:16.855+0200 [DEBUG] [aws-sdk-go] ╷ │ Error: something went wrong during cluster resource creation: rpc error: code = Unknown desc = Get "https://XXXXXXXXXXXXXX.gr7.eu-west-1.eks.amazonaws.com/version?timeout=32s": getting credentials: exec: executable argocd-k8s-auth failed with exit code 20 (Client.Timeout exceeded while awaiting headers) │ │ with argocd_cluster.argo_eks, │ on argocd.tf line 50, in resource "argocd_cluster" "argo_eks": │ 50: resource "argocd_cluster" "argo_eks" { │ │ rpc error: code = Unknown desc = Get │ "https://XXXXXXXXXXXXXX.gr7.eu-west-1.eks.amazonaws.com/version?timeout=32s": getting credentials: exec: │ executable argocd-k8s-auth failed with exit code 20 (Client.Timeout exceeded while awaiting headers) ╵ 2022-07-18T18:28:16.861+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing" 2022-07-18T18:28:16.865+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/oboukili/argocd/3.1.0/darwin_amd64/terraform-provider-argocd_v3.1.0 pid=42493 2022-07-18T18:28:16.865+0200 [DEBUG] provider: plugin exited

My resource definition:

resource "argocd_cluster" "argo_eks" { depends_on = [helm_release.argocd] server = data.aws_eks_cluster.eks.endpoint name = "eks" namespaces = ["*"]

config { aws_auth_config { cluster_name = lookup(var.awsprops, "cluster-name") role_arn = aws_iam_role.eks-cluster.arn } tls_client_config { # insecure = true ca_data = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data) } } }

ievgen-golubiev avatar Jul 19 '22 09:07 ievgen-golubiev

@ievgen-golubiev I was getting the same error. I removed the aws_auth_config from the config block below and then it succeeded. Try that.

  config {
    tls_client_config {
       ca_data = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data)
      insecure = false
    }
  }

Colbize avatar Jul 27 '22 17:07 Colbize

@Colbize, thank you very much

babebort avatar Oct 24 '22 14:10 babebort

When I try to do that, the cluster does get added to ArgoCD but then when it is actually used (i.e deploying an application), I get an error message in ArgoCD saying "error getting openapi resources: unknown". 🤔

Edit: the approach that worked for me was this:

I created an KSA and gave it the roles I need. I then gave ArgoCD the secrets to connect using that KSA. I got this idea from an example the docs give for connecting to GKE but it works for EKS as well. https://registry.terraform.io/providers/oboukili/argocd/latest/docs/resources/cluster#example-usage---gcp-gke-cluster

jdmaguire avatar Oct 25 '22 13:10 jdmaguire

See suggestions above. If these do not work, and there is an issue in the provider (rather than a user "error" regarding the correlated setup within ArgoCD/Kubernetes RBAC) then feel free to open a new issue.

onematchfox avatar May 15 '23 15:05 onematchfox