Hello Everyone, I am using this module.When I run

kubectl cluster-info

it is giving timeout error. In AWS, I see that cluster is created but it shows, there is a new version of Kubernetes.Do you think that updating cluster will resolve the issue? Because It also says there might be RBAC permission issues in auth config map.

hi @MT - did you pass your user or your role into the map_users or map_roles variable?

Hello @Jamie Zieziula Do you mean as it is mentioned here or some other way?

yes! the module exposes the two variables i mentioned above. you should pass your user or role to them in order to appropriately grant access for yourself to the cluster

@Jamie Zieziula Yeah,It says that kubectl command must connect to the EKS server endpoint for being able to edit configmap. But when I run

kubectl edit configmap aws-auth -n kube-system

I get timeout error as well.

you’ll need to pass the user through the terraform module. you won’t be able to kubectl to the cluster until the permissions are already in place

Is there any example that I can look through @Jamie Zieziula ? I am a bit confused😔

so your terraform code would need to look something like this:

module "eks" {
  source      = "path/to/eks"

  cluster_name        = "my-cluster"
  region              = "us-east-1"
  environment         = "prd"
  k8s_cluster_version = "k8s-version-#"
  vpc_id              = "vpc-xxx"
  private_subnet_ids  = "subnet-xxx"

  map_users =     [{
      userarn  = "YOUR_AWS_USER_ARN"
      username = "clusteradmin"
      groups   = ["system:masters"]
    }]
}

Thank you @Jamie Zieziula

np!

@Jamie Zieziula thanks for your help. I'm on the same team as @MT. @MT linked out to the legacy v1 recipe, but our configs are actually based on the v2 recipe here. There's no

map_users

argument in the v2 recipe. Additionally, the v1 recipe was on terraform-aws-eks v17, but the v2 recipe is on terraform-aws-eks v18. There were a ton of changes in terraform-aws-eks v18, including that "Support for managing aws-auth configmap has been removed." So I think the v2 recipe needs to offer some more guidance here. I'm happy to open a GitHub issue to continue the conversation there.

Hi @Brendon Smith - an issue would be great! Thank you