terraform-provider-helm

Helm provider cannot be executed for the second time and fails with error: system:serviceaccount:system-dev:default has no permissions

Open yevgeniyo opened this issue 3 years ago • 1 comments

When using this provider for EKS:

provider "helm" {
  version = "2.1.2"
  kubernetes {
    host                   = data.aws_eks_cluster.eks.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data)
    exec {
      api_version = "client.authentication.k8s.io/v1alpha1"
      args        = ["eks", "get-token", "--cluster-name", "${var.cluster_name}-${var.dc}", "--profile", "some", "--region", var.region]
      command     = "aws"
    }
  }
}

The second time, terraform plan will fail with the following errors.

Error: query: failed to query with labels: secrets is forbidden: User "system:serviceaccount:system-dev:default" cannot list resource "secrets" in API group "" in the namespace "kube-system"

We don't have such a namespace system-dev at all and sa

On the other hand, I also have a similar kubernetes provider which works perfectly:

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  exec {
    api_version = "client.authentication.k8s.io/v1alpha1"
    args        = ["eks", "get-token", "--cluster-name", "${var.cluster_name}-${var.dc}", "--profile", "some", "--region", var.region]
    command     = "aws"
  }
  version                = "2.2.0"
}

yevgeniyo May 25 '21 12:05

Is there any workaround? I have the same issue.

novboy Apr 08 '22 10:04

Marking this issue as stale due to inactivity. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. This helps our maintainers find and focus on the active issues. Maintainers may also remove the stale label at their discretion. Thank you!

github-actions[bot] Apr 09 '23 00:04