
MT

03/06/2023, 6:47 PM
Hello Everyone, I am using this module. When I run kubectl cluster-info it is giving a timeout error. In AWS, I see that the cluster is created but it shows there is a new version of Kubernetes. Do you think that updating the cluster will resolve the issue? Because it also says there might be RBAC permission issues in the auth config map.

Jamie Zieziula

03/06/2023, 6:50 PM
hi @MT - did you pass your user or your role into the map_users or map_roles variable?

MT

03/06/2023, 7:22 PM
Hello @Jamie Zieziula Do you mean as it is mentioned here or some other way?

Jamie Zieziula

03/06/2023, 7:25 PM
yes! the module exposes the two variables i mentioned above. you should pass your user or role to them in order to appropriately grant access for yourself to the cluster

MT

03/06/2023, 7:30 PM
@Jamie Zieziula Yeah, it says that the kubectl command must connect to the EKS server endpoint to be able to edit the configmap. But when I run kubectl edit configmap aws-auth -n kube-system I get a timeout error as well.

Jamie Zieziula

03/06/2023, 7:33 PM
you’ll need to pass the user through the terraform module. you won’t be able to kubectl to the cluster until the permissions are already in place

MT

03/06/2023, 7:34 PM
Is there any example that I can look through @Jamie Zieziula? I am a bit confused 😔

Jamie Zieziula

03/06/2023, 8:05 PM
so your terraform code would need to look something like this:
module "eks" {
  source      = "path/to/eks"

  cluster_name        = "my-cluster"
  region              = "us-east-1"
  environment         = "prd"
  k8s_cluster_version = "k8s-version-#"
  vpc_id              = "vpc-xxx"
  private_subnet_ids  = "subnet-xxx"

  map_users = [{
    userarn  = "YOUR_AWS_USER_ARN"
    username = "clusteradmin"
    groups   = ["system:masters"]
  }]
}

MT

03/06/2023, 8:26 PM
Thank you @Jamie Zieziula

Jamie Zieziula

03/06/2023, 8:29 PM
np!

Brendon Smith

03/07/2023, 10:13 PM
@Jamie Zieziula thanks for your help. I'm on the same team as @MT. @MT linked out to the legacy v1 recipe, but our configs are actually based on the v2 recipe here. There's no map_users argument in the v2 recipe. Additionally, the v1 recipe was on terraform-aws-eks v17, but the v2 recipe is on terraform-aws-eks v18. There were a ton of changes in terraform-aws-eks v18, including that "Support for managing aws-auth configmap has been removed." So I think the v2 recipe needs to offer some more guidance here. I'm happy to open a GitHub issue to continue the conversation there.

Jamie Zieziula

03/07/2023, 10:18 PM
Hi @Brendon Smith - an issue would be great! Thank you