AWS EKS token is not working

[mo-saeed]

Hi,

As discussed in this thread https://kubernetes.slack.com/archives/C01FXB5E8ER/p1723803960266089. I am having login issue using aws eks get-token command. I see that in the browser devtools console

auth failed: Error: Forbidden - selfsubjectrulesreviews.authorization.k8s.io is forbidden: User "system:anonymous" cannot create resource "selfsubjectrulesreviews" in API group "authorization.k8s.io" at the cluster scope

my user has cluster admin. the token works with kubectl, openlens, k8s dashboard.

I am also impacted by this https://github.com/headlamp-k8s/headlamp/issues/1716

[illume]

There's some fixes for this in the main branch now. It will be in the next release v0.26.0.

• https://github.com/headlamp-k8s/headlamp/pull/2269
• https://github.com/headlamp-k8s/headlamp/pull/2271

[mo-saeed]

Unfortunately the issues are still there. Tested on 2 mac and didn't work and one linux machine the kubeconfig was loaded but the token is not working. Can you please re-open ?

[mo-saeed]

Hi, I found the issue with Headlamp and EKS, when I run aws eks update-kubeconfig command to get the kubeconfig, the default context name is the EKS cluster ARN which seems to be the issue, when i changed the context to short string, it worked fine. I think the context name maybe used somewhere in the code and break sth as it contains : and / but not sure. maybe you can check that, but for me i am fine with changing the context name. but I think its important to clarify that for the new users.