DNXLabs / terraform-aws-eks-lb-controller

Terraform module for deploying AWS Load Balancer Controller inside a pre-existing EKS cluster.
https://modules.dnx.one
Apache License 2.0

Error: failed creating IAM Role (name1-alb-ingress): MalformedPolicyDocument: Federated principals must be valid domain names or SAML metadata ARNs #24

Open Epic55 opened 2 years ago

Epic55 commented 2 years ago

Contact Details (optional)

No response

Description. What happened?

When I try to install this module after installing the EKS module, I receive: Error: failed creating IAM Role (name1-alb-ingress): MalformedPolicyDocument: Federated principals must be valid domain names or SAML metadata ARNs. What is the issue?

Steps to reproduce

install this module

module "eks-lb-controller" {
  source = "git::https://github.com/DNXLabs/terraform-aws-eks-lb-controller.git"
  cluster_identity_oidc_issuer     = module.eks.cluster_oidc_issuer_url
  cluster_identity_oidc_issuer_arn = module.eks.oidc_provider_arn
  cluster_name                     = module.eks.cluster_id
}

Expected behavior

No response

Actual behavior

I receive an error.

Occurrence

Frequently

Relevant log output

No response

benjimin commented 2 years ago

What version of terraform are you using?

AGirin commented 1 year ago

Same issue here:

Error: failed creating IAM Role (eks-tech-alb-ingress): MalformedPolicyDocument: Federated principals must be valid domain names or SAML metadata ARNs
│ status code: 400, request id: a20397b1-558b-4528-9360-f1b6cde084d2
│ 
│   with module.alb_controller.aws_iam_role.lb_controller[0],
│   on .terraform/modules/alb_controller/iam.tf line 361, in resource "aws_iam_role" "lb_controller":
│  361: resource "aws_iam_role" "lb_controller" {

Terraform v1.3.7
Latest module version.

AGirin commented 1 year ago

Answered my own question:

cluster_identity_oidc_issuer = data.terraform_remote_state.eks.outputs.cluster_oidc_issuer_url
cluster_identity_oidc_issuer_arn = data.terraform_remote_state.eks.outputs.oidc_provider_arn

It used to be:

cluster_identity_oidc_issuer = "data.terraform_remote_state.eks.outputs.cluster_oidc_issuer_url"
cluster_identity_oidc_issuer_arn = "data.terraform_remote_state.eks.outputs.oidc_provider_arn"
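
An added example, not part of the thread and not the module's own code: a plan-time guard that rejects any value that is not an IAM OIDC provider ARN before it reaches the role's trust policy, which is where the quoted-reference mistake in the comment above surfaces. The `local` names, the `terraform_data.oidc_inputs` resource and the `cluster_id` remote-state output are assumptions, and `terraform_data` requires Terraform 1.4 or later.

```hcl
# Constructed example. Only the three module input names come from the thread.

locals {
  # Unquoted references: Terraform resolves these to the remote state values.
  oidc_issuer_url   = data.terraform_remote_state.eks.outputs.cluster_oidc_issuer_url
  oidc_provider_arn = data.terraform_remote_state.eks.outputs.oidc_provider_arn

  # The failing form wraps the reference in quotes, which makes it a string
  # literal. IAM then receives that text as the Federated principal:
  #   oidc_provider_arn = "data.terraform_remote_state.eks.outputs.oidc_provider_arn"
}

# Guard resource (hypothetical name). The precondition is evaluated during
# `terraform plan` when the value is known, so a literal string, an empty
# output or a null output fails here instead of at the IAM CreateRole call.
resource "terraform_data" "oidc_inputs" {
  input = local.oidc_provider_arn

  lifecycle {
    precondition {
      condition = can(regex(
        "^arn:aws[a-z-]*:iam::[0-9]{12}:oidc-provider/.+",
        local.oidc_provider_arn
      ))
      error_message = "oidc_provider_arn must look like arn:aws:iam::<account-id>:oidc-provider/<issuer-host-and-path>."
    }
  }
}

module "eks-lb-controller" {
  source = "git::https://github.com/DNXLabs/terraform-aws-eks-lb-controller.git"

  cluster_identity_oidc_issuer = local.oidc_issuer_url

  # Reading the ARN through the guard makes the module depend on the check.
  cluster_identity_oidc_issuer_arn = terraform_data.oidc_inputs.output

  # Assumed output name in the remote state.
  cluster_name = data.terraform_remote_state.eks.outputs.cluster_id
}
```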

aldwnesx commented 1 year ago

I am getting the following error:

module.load_balancer_controller.helm_release.lb_controller[0]: Creating...
╷
│ Error: Kubernetes cluster unreachable: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
│ 
│   with module.load_balancer_controller.helm_release.lb_controller[0],
│   on .terraform/modules/load_balancer_controller/helm.tf line 1, in resource "helm_release" "lb_controller":
│    1: resource "helm_release" "lb_controller" {

I am not sure if this is related to the IAM policy.

SerhiiKorolik commented 1 year ago

With the latest code I receive the same error as above. The module seems to be not in good shape 😞

caussourd commented 5 months ago

Concerning this error:

module.load_balancer_controller.helm_release.lb_controller[0]: Creating...
╷
│ Error: Kubernetes cluster unreachable: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
│ 
│   with module.load_balancer_controller.helm_release.lb_controller[0],
│   on .terraform/modules/load_balancer_controller/helm.tf line 1, in resource "helm_release" "lb_controller":
│    1: resource "helm_release" "lb_controller" {

The creation of the Kubernetes cluster and the load balancer controller should be managed separately (2 different apply commands). See official documentation: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#stacking-with-managed-kubernetes-cluster-resources