Closed dtwilliamsWork closed 4 weeks ago
Ignore me, I managed to get it to work using the `aws_eks_cluster_auth.prod.token` instead.
My aws_eks_cluster_auth was using an assume role and once I added this to the EKS aws-auth config map it was able to connect.
Not sure why the exec plugin has stopped working though. Also seems to fail on the helm and argocd terraform providers so I'm guessing it's something to do with GitHub actions runners.
```hcl
provider "aws" {
  alias  = "prod"
  region = "eu-west-2"
  assume_role {
    role_arn = "arn:aws:iam::1234567890:role/prod_assume_role_arn"
  }
}

data "aws_eks_cluster_auth" "prod" {
  provider = aws.prod
  name     = data.aws_eks_cluster.prod.name
}
```
I'm not sure if this is an issue with the provider or GitHub actions runner.
Still, we've been using the Kubernetes provider without issue for a couple of years, but in recent weeks, we have been getting an error when using the exec plugin to get a token to authenticate to our EKS cluster when running in GitHub Actions.
It says the `exec: executable aws not found`. I have added a step in our pipeline to install the aws-cli but still it doesn't work.

I know I can change it to use a `token = data.aws_eks_cluster_auth.prod.token` instead, but I am getting `Error: Unauthorized` error when using that as I'm not sure what IAM role it's using when using an aws_eks_cluster_auth token and my EKS is on a different AWS account to the one I'm running the pipeline. I will need to edit my aws-auth config map on my Prod EKS to give it access, but am not sure what ARN to use.

I'm trying to add a Prod ArgoCD EKS cluster to my dev ArgoCD instance, hence the need to set up Kubernetes cluster roles, bindings, service accounts, and secret tokens.
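
The setup this thread ends up with, as an added example (not code from the original post): the Kubernetes provider takes its token from `aws_eks_cluster_auth`, which is signed with the credentials of the `aws.prod` alias, so the role named in `assume_role` is the identity to map in `aws-auth`. The cluster name, output name, username and group below are hypothetical; the role ARN is the post's placeholder.

```hcl
provider "aws" {
  alias  = "prod"
  region = "eu-west-2"
  assume_role {
    role_arn = "arn:aws:iam::1234567890:role/prod_assume_role_arn"
  }
}

data "aws_eks_cluster" "prod" {
  provider = aws.prod
  name     = "prod" # hypothetical cluster name
}

# The token is generated with the credentials of aws.prod, i.e. the assumed role.
data "aws_eks_cluster_auth" "prod" {
  provider = aws.prod
  name     = data.aws_eks_cluster.prod.name
}

# Shows which identity the token will authenticate as. For an assumed role this
# is an arn:aws:sts::...:assumed-role/... session ARN; aws-auth is keyed on the
# underlying arn:aws:iam::...:role/... ARN.
data "aws_caller_identity" "prod" {
  provider = aws.prod
}

output "prod_token_identity" {
  value = data.aws_caller_identity.prod.arn
}

# Token-based authentication: no aws binary is needed on the runner.
provider "kubernetes" {
  alias                  = "prod"
  host                   = data.aws_eks_cluster.prod.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.prod.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.prod.token
}

# mapRoles entry for the aws-auth ConfigMap (kube-system) on the prod cluster.
# It must be applied by an identity that already has access to that cluster.
# The group is hypothetical: bind it to a narrowly scoped ClusterRole rather
# than mapping the pipeline role to system:masters.
locals {
  prod_aws_auth_map_roles = yamlencode([{
    rolearn  = "arn:aws:iam::1234567890:role/prod_assume_role_arn"
    username = "terraform-ci"
    groups   = ["argocd-bootstrap"]
  }])
}
```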