
Deploy to EKS cluster using AWS CodePipeline

I'm trying to automate deployment on an EKS cluster using AWS CodePipeline and was referring to the page: AWS CodePipeline and deploying to EKS

I am following the same steps as mentioned in the buildspec.yaml file, but I am getting the following error:

[Container] 2020/01/05 08:26:35 Running command kubectl apply -f $CODEBUILD_SRC_DIR/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml 
Error from server (Forbidden): error when retrieving current configuration of: 
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment" 
Name: "takenaka-user", Namespace: "default" 
Object: &{map["apiVersion":"apps/v1" "kind":"Deployment" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"takenaka-user" "namespace":"default"] "spec":map["replicas":'\x01' "selector":map["matchLabels":map["app":"takenaka-user"]] "template":map["metadata":map["labels":map["app":"takenaka-user"]] "spec":map["containers":[map["image":"591209811908.dkr.ecr.ap-northeast-1.amazonaws.com/takenaka-ecr-repo:takenaka.user-4" "name":"takenaka-user" "ports":[map["containerPort":'P']]]]]]]]} 
from server for: "/codebuild/output/src658704233/src/git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/Takenaka/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml": deployments.apps "takenaka-user" is forbidden: User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default" 

User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"

If "Kubernetesdeployment" is a ServiceAccount that AWS CodePipeline uses to deploy, it looks like it is missing the necessary RBAC permissions to deploy "Deployment" in namespace "default".

Using RBAC Authorization may be helpful. Usually, you want to create and read both "Deployment", "Service" and possibly "Ingress" for deploying apps to a specific namespace.

From the link that you had followed, it looks like point 4 was missed.

  1. Make kubernetes_deployment role as authorized in eks cluster

Alternatively, could it be that you have set the permissions for a different service account name? The username kubernetes_deployment is named Kubernetesdeployment in your error message.

Please also look at AWS recommended deployment methodology to EKS with CodePipeline:

Continuous Deployment to Kubernetes using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, Amazon ECR and AWS Lambda - https://aws.amazon.com/blogs/devops/continuous-deployment-to-kubernetes-using-aws-codepipeline-aws-codecommit-aws-codebuild-amazon-ecr-and-aws-lambda/
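
As an added illustration of the RBAC and username points raised in the answers above (not part of the original thread or of the linked guide): a namespaced Role and RoleBinding that grant only what `kubectl apply` needs for Deployments and Services in "default". The subject is bound as a `User` because that is how the name appears in the error message; the object names `codebuild-deployer` and `codebuild-deployer-binding` are assumptions.

```yaml
# Added example. Names marked "assumed" do not come from the original thread.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: codebuild-deployer            # assumed name
  namespace: default                  # namespace from the error message
rules:
  # kubectl apply reads the live object, then creates or patches it.
  - apiGroups: ["apps"]               # API group named in the error
    resources: ["deployments"]
    verbs: ["get", "create", "patch"]
  - apiGroups: [""]                   # core API group (Services)
    resources: ["services"]
    verbs: ["get", "create", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: codebuild-deployer-binding    # assumed name
  namespace: default
subjects:
  - kind: User
    # Must match the name the API server reports, character for character.
    # RBAC subject names are case-sensitive, so "kubernetes_deployment"
    # and "Kubernetesdeployment" are two different users.
    name: Kubernetesdeployment
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: codebuild-deployer
  apiGroup: rbac.authorization.k8s.io
```

After a cluster administrator applies this, `kubectl auth can-i get deployments.apps --namespace default --as Kubernetesdeployment` should answer `yes`.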
