learn-terraform-provision-eks-cluster

Error: Your current user or role does not have access to Kubernetes objects on this EKS cluster

Open manipulator01 opened this issue 2 years ago • 5 comments

Hello, I've used this project to launch an EKS cluster in my AWS environment. I see the following error in the AWS console:

Your current user or role does not have access to Kubernetes objects on this EKS cluster. This may be due to the current user or role not having Kubernetes RBAC permissions to describe cluster resources or not having an entry in the cluster’s auth config map.

The "Learn more" link takes me to the AWS docs, but I don't know how I can include this in my Terraform config. Can we fix it so that as soon as I launch the EKS cluster with Terraform, RBAC will be configured properly?

manipulator01 Dec 12 '21 17:12

Did this problem ever get resolved? I am experiencing the very same issue as of 5/5/2022.

Brensley May 06 '22 15:05

I don't have much experience, but today I faced the same issue and resolved it following an answer on Stack Overflow.

So Terraform EKS does not access role to your AWS admin automatically and you need to do this:

kubectl edit configmap aws-auth -n kube-system

And edit the mapUsers part as follows, with [account_id] replaced with yours.

mapUsers: |
  - userarn: arn:aws:iam::[account_id]:root
    groups:
    - system:masters

My question is how to do this automatically at the Terraform level so that I don't need to update this every time, because terraform apply will reverse this.

jacob-betmatic Jun 19 '22 08:06
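
One way to do what the comment above asks, keeping the mapping in Terraform so that terraform apply stops reverting it (an added example, not code from the thread or from the project). It uses the Kubernetes provider's kubernetes_config_map_v1_data resource to patch only the mapUsers key, and maps one named IAM user rather than the account root. The variable names, the cluster-admin username and the ARN placeholder are assumptions, as is an aws-auth ConfigMap that already exists and is not managed by another Terraform resource.

```hcl
# Added example (not from the thread): keep the aws-auth mapUsers entry in Terraform.
# var.cluster_name and var.admin_user_arn are hypothetical names introduced here.
variable "cluster_name" {
  type = string
}

variable "admin_user_arn" {
  description = "IAM user to map, e.g. arn:aws:iam::<ACCOUNT_ID>:user/<NAME> (placeholder)"
  type        = string
}

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

data "aws_eks_cluster_auth" "this" {
  name = var.cluster_name
}

# Talk to the cluster API with a short-lived token for the caller's IAM identity.
provider "kubernetes" {
  host                   = data.aws_eks_cluster.this.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.this.token
}

# Manages only the mapUsers key of the existing kube-system/aws-auth ConfigMap,
# so the mapRoles entries that let worker nodes join are left untouched.
resource "kubernetes_config_map_v1_data" "aws_auth_users" {
  metadata {
    name      = "aws-auth"
    namespace = "kube-system"
  }

  data = {
    mapUsers = yamlencode([
      {
        userarn  = var.admin_user_arn
        username = "cluster-admin" # assumed display name inside Kubernetes
        groups   = ["system:masters"]
      }
    ])
  }

  # Take over the mapUsers field if it was previously written by hand with kubectl edit.
  force = true
}
```

The identity that runs terraform apply needs Kubernetes access itself; the IAM principal that created the cluster has it by default.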

+1.

Elycin Aug 12 '22 08:08

I have got the EKS cluster created by Terraform but am facing the same issue. I'm confused about where to run kubectl edit configmap aws-auth -n kube-system, as I'm not able to access the CLI for the cluster Terraform created. Do I have to create another cluster through the AWS CloudFormation steps and then run it there (but I think that won't connect it to the Terraform one)?

@jacob-betmatic, help needed here. Thanks.

roopakrastogi Aug 17 '22 15:08

For me, I saved the kubeconfig as an output from Terraform and was able to access the cluster from local.

By the way, we decided to move to kOps from Terraform due to a few problems:

  • Terraform is great but it's very often overkill
  • It's updated too frequently and we were frustrated following every patch to resolve a single problem

jacob-betmatic Aug 17 '22 16:08