Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hello Everyone, I am using <https://github.com/PrefectHQ/prefect-recipes/tree/main/prefect-v1-legacy/devops/infrastructure-as-code/aws/prefect-agent-on-eks|this> module.When I run  `kubectl cluster-info`  it is giving timeout error. In AWS, I see that cluster is created but it shows, there is a new version of <http://Kubernetes.Do|Kubernetes.Do> you think that updating cluster will resolve the issue? Because It also says there might be  RBAC permission issues in auth config map.

hi <@U04RTLERAJG> - did you pass your user or your role into the map_users or map_roles variable?

Hello <@U02L949MUGM>  Do you mean as it is mentioned <https://aws.amazon.com/premiumsupport/knowledge-center/eks-kubernetes-object-access-error/#:~:text=The%20error%20indicates%20that%20the,in%20your%20Amazon%20EKS%20cluster.|here> or some other way?

yes! the module exposes the two variables i mentioned above. you should pass your user or role to them in order to appropriately grant access for yourself to the cluster 

<@U02L949MUGM> Yeah,It says that kubectl command must connect to the EKS server endpoint for being able to edit configmap. But when I run `kubectl edit configmap aws-auth -n kube-system` I get timeout error as well.

you’ll need to pass the user through the terraform module. you won’t be able to kubectl to the cluster until the permissions are already in place

Is there any example that I can look through <@U02L949MUGM> ? I am a bit confused:pensive:

so your terraform code would need to look something like this:
```module "eks" {
  source      = "path/to/eks"

  cluster_name        = "my-cluster"
  region              = "us-east-1"
  environment         = "prd"
  k8s_cluster_version = "k8s-version-#"
  vpc_id              = "vpc-xxx"
  private_subnet_ids  = "subnet-xxx"

  map_users =     [{
      userarn  = "YOUR_AWS_USER_ARN"
      username = "clusteradmin"
      groups   = ["system:masters"]
    }]
}```

<@U02L949MUGM> thanks for your help. I'm on the same team as <@U04RTLERAJG>.

<@U04RTLERAJG> linked out to the legacy v1 recipe, but our configs are actually based on the v2 recipe <https://github.com/PrefectHQ/prefect-recipes/tree/main/devops/infrastructure-as-code/aws/eks|here>. There's no `map_users` argument in the v2 recipe.

Additionally, the v1 recipe was on terraform-aws-eks v17, but the v2 recipe is on terraform-aws-eks v18. There were a ton of <https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/UPGRADE-18.0.md|changes in terraform-aws-eks v18>, including that "Support for managing aws-auth configmap has been removed." So I think the v2 recipe needs to offer some more guidance here.

I'm happy to open a GitHub issue to continue the conversation there.

Hi <@U04958ANL1L> - an issue would be great! Thank you

<https://github.com/PrefectHQ/prefect-recipes/issues/214>