terraform-aws-eks
The eks sub-module aws-auth reports Unauthorized
Using terraform-aws-modules/eks/aws version 20.14.0 and terraform-aws-modules/eks/aws//modules/aws-auth version 20.15.0, with config...
module "aeks-aws-auth" {
  source  = "terraform-aws-modules/eks/aws//modules/aws-auth"
  version = "20.15.0"

  manage_aws_auth_configmap = true

  aws_auth_roles = [
    {
      rolearn  = data.aws_iam_role.karpenter_instance.arn
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
  ]

  aws_auth_users = var.eks_additional_users
}
I get...
│ Error: Have got the following error while validating the existence of the ConfigMap "aws-auth": Unauthorized
│
│   with module.aeks-aws-auth.kubernetes_config_map_v1_data.aws_auth[0],
│   on .terraform\modules\aeks-aws-auth\modules\aws-auth\main.tf line 31, in resource "kubernetes_config_map_v1_data" "aws_auth":
│   31: resource "kubernetes_config_map_v1_data" "aws_auth" {
This same configuration worked in eks version 19.17.2, when aws-auth was not a sub-module, and the above config was embedded within the eks module definition. My aws provider is...
provider "aws" {
  region = var.aws_region
}

data "aws_caller_identity" "current" {}
...and in 19.17.2 this used to allow both creation of the eks cluster and management of the aws-auth configMap. Now, with the aws-auth submodule, I can create the cluster and destroy the cluster, but not alter the configMap.
Is this a bug in the sub module? Wrong module version? Misconfiguration? Any help appreciated.