Closed lajchon closed 3 months ago
Some additional information- on the cluster side, we see the authenticator is logging the following on repeat:
{
"Error": {
"Code": "SignatureDoesNotMatch",
"Message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.",
"Type": "Sender"
},
"RequestId": "171b39d0-6bd1-4c09-97eb-1e3ee7f23098"
}
could be related to https://github.com/aws/aws-sdk-go-v2/issues/2567
Is there an existing issue for this?
Affected Resource(s)
No response
Resource MRs required to reproduce the bug
No response
Steps to Reproduce
After creating EKS
Cluster
, createClusterAuth
withwriteConnectionSecretToRef
configured. Create provider-kubernetes ProviderConfig to referenceClusterAuth
Secret, or retrievekubeconfig
from Secret to use manually.ProviderConfig
configured with IRSAcredentials.source
andassumeRoleChain
.What happened?
When utilizing provider-aws-eks
v1.3.0
, usage of thekubeconfig
results incannot get object: failed to get API group resources: unable to retrieve the complete list of server APIs: apps/v1: Unauthorized
.Downgrade to provider-aws-eks
v1.2.0
, andkubeconfig
is updated and access to the EKS cluster is available.The same results are exhibited when accessing an EKS cluster provisioned with
v1.2.0
, which worked as expected, but after upgrading tov1.3.0
, theUnauthorized
error began.Relevant Error Output Snippet
No response
Crossplane Version
1.15.1
Provider Version
1.3.0
Kubernetes Version
v1.29.2
Kubernetes Distribution
EKS
Additional Info
No response