Issues icon indicating copy to clipboard operation
Issues copied to clipboard

Published 20 hours ago verified publisher icon OctopusDeploy

AWS EKS Targets - IAM Authenticator v0.5.4+ no longer supports v1alpha1 endpoint

Open FinnianDempsey opened this issue 3 years ago • 2 comments

Team

  • [X] I've assigned a team label to this issue

Severity

Workaround Exists

Version

Effects Latest Version

Latest Version

I could reproduce the problem in the latest build

What happened?

When adding a Kubernetes Deployment Target that uses an AWS Account for authentication, the health check fails due to the wrong endpoint, if the version of aws-iam-authenticator is above 0.5.3.

(Unsure if this only affects health-checks, or if it impacts the deployment step as well)

Reproduction

  1. Add Kubernetes Deployment Target in Octopus
  2. On the Worker Performing the Health Check, install aws-iam-authenticator version 0.5.4+
  3. Perform Health Check - See Error

Error and Stacktrace

Unable to connect to the server: getting credentials: exec plugin is configured to use API version client.authentication.k8s.io/v1alpha1, plugin returned version client.authentication.k8s.io/v1beta1

More Information

Workaround

Option 1 Where you control the execution environment for the affected step or health-check, install 0.5.3 of aws-iam-authenticator choco install -y aws-iam-authenticator --version 0.5.3

Option 2 If you're encountering this problem when executing on a Windows Dynamic Worker (the current production version has 0.5.5 of the tool installed), you could change to running the step/health check in an execution container. The both the Windows and Linux versions of the Octopus Worker Tools image are built using version 0.5.3 of the aws-iam-authenticator tool.

FinnianDempsey avatar Mar 04 '22 03:03 FinnianDempsey

Any update on moving forward with using a different authentication package for Linux? We have a customer who was having issues getting 0.5.3 to work on an Ubuntu worker (discussion here and here)

It seems like the aws-iam-authenticator package on an Ubuntu worker running in Kubernetes will error out if using 0.5.3 (see this specific post here). There were discussions here (internal link) about moving to Azure CLI for authentication.

Have any of our customers managed to get 0.5.3 working with Ubuntu in Kubernetes and would be willing to share how they accomplished it?

Clare-Octopus avatar Oct 03 '22 08:10 Clare-Octopus

Another report with having issues getting this to work in Linux [internal]: https://octopus.zendesk.com/agent/tickets/99532

patrick-smergut-octopus avatar Oct 26 '22 17:10 patrick-smergut-octopus

:tada: The fix for this issue has been released in:

Release stream Release
2022.3 2022.3.10711
2022.4 2022.4.7439
2023.1+ all releases

Octobob avatar Sep 19 '23 00:09 Octobob