Terraform plan AWS Unauthorized issue
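UPD: Solved the issue by changing the AWS user that Terraform runs as to one listed in the cluster's map_users.
I am not a DevOps person, so sorry if this is a dumb question. I am trying to get some existing Terraform configuration to work, but it fails at the terraform plan step. The IAM user in use, with its access key/secret, looks like it has enough permissions to access whatever is needed, but the error persists, so it seems some permission is missing. Any ideas?
The error is: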
Error: Invalid credentials
│
│ with kubernetes_manifest.virtual_service["graphql-api"],
│ on istio.tf line 42, in resource "kubernetes_manifest" "virtual_service":
│ 42: resource "kubernetes_manifest" "virtual_service" {
│
│ The credentials configured in the provider block are not accepted by the
│ API server. Error: Unauthorized
Here is provider.tf:
terraform {
  required_version = ">= 1.1.5"
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.11.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.5.1"
    }
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.15.1"
    }
  }
}

provider "aws" {
  region     = var.region
  access_key = var.aws_key
  secret_key = var.aws_secret
}

data "aws_eks_cluster" "eks" {
  name = var.cluster_name
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.eks.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
  exec {
    api_version = "client.authentication.k8s.io/v1alpha1"
    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
    command     = "aws"
  }
}

data "aws_caller_identity" "current" {}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.eks.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
    exec {
      api_version = "client.authentication.k8s.io/v1alpha1"
      args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
      command     = "aws"
    }
  }
}
The solution was to run Terraform as an AWS user listed in the cluster's map_users configmap. Thanks to @MarkoE.
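
The check behind that fix, as an added example that is not part of the original post: the `exec` block runs `aws eks get-token` with whatever credentials the AWS CLI finds in its environment, and the API server accepts the token only if that identity is mapped on the cluster. It assumes the cluster maps IAM identities through the `aws-auth` ConfigMap in `kube-system` (its `mapUsers`/`mapRoles` keys being where `map_users` ends up); the function names `normalize_arn` and `is_mapped`, the account ID and the ARNs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: is the identity used by `aws eks get-token` mapped in aws-auth?

# Normalize an STS caller ARN to the form aws-auth entries use:
# an assumed-role session ARN becomes the IAM role ARN; user ARNs pass through.
normalize_arn() {
  printf '%s\n' "$1" |
    sed -E 's#^arn:aws:sts::([0-9]+):assumed-role/([^/]+)/.*$#arn:aws:iam::\1:role/\2#'
}

# is_mapped ARN AWS_AUTH_YAML
# Exit 0 only if ARN exactly matches a userarn/rolearn entry in the ConfigMap text.
is_mapped() {
  printf '%s\n' "$2" |
    sed -nE 's/^[[:space:]-]*(userarn|rolearn):[[:space:]]*"?([^"[:space:]]+)"?[[:space:]]*$/\2/p' |
    grep -Fxq -- "$(normalize_arn "$1")"
}

# Constructed sample of `kubectl -n kube-system get configmap aws-auth -o yaml`.
SAMPLE_AWS_AUTH='apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/terraform-deployer
      username: terraform-deployer
      groups:
        - system:masters
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/eks-node
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:nodes
'

# Live usage (AWS CLI in the same shell that runs terraform; the ConfigMap dump
# must come from someone who already has access to the cluster):
#   arn=$(aws sts get-caller-identity --query Arn --output text)
#   cm=$(kubectl -n kube-system get configmap aws-auth -o yaml)
#   is_mapped "$arn" "$cm" && echo "mapped" || echo "NOT mapped: $arn"
```

Run `aws sts get-caller-identity` in the same shell and environment as `terraform plan`, since the `access_key`/`secret_key` given to the `aws` provider are not passed to the `aws` command in the `exec` block.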