search

kubernetes-sigs / cluster-api-provider-aws

Kubernetes Cluster API Provider AWS provides consistent deployment and day 2 operations of "self-managed" and EKS Kubernetes clusters on AWS.
http://cluster-api-aws.sigs.k8s.io/
Apache License 2.0
636 stars 560 forks source link

Running Cluster API Provider out-of-cluster does not load AWS Shared Config for some controllers #5117

Open adammw opened 2 weeks ago

adammw commented 2 weeks ago

/kind bug

What steps did you take and what happened: Trying to run cluster-api-provider-aws out-of-cluster under a debugging IDE, the AWS Shared Config is partially loaded for some clusters, but for others Reconciler errors occur:

E0906 14:38:57.113013    1102 controller.go:329] "Reconciler error" err=<
        failed to create scope: failed to create aws session: Failed to retrieve identity credentials: NoCredentialProviders: no valid providers in chain. Deprecated.

What did you expect to happen: Shared config is read where the session is created.

Anything else you would like to add: It appears that all other parts of the codebase pass through SharedConfigEnable (example) however pkg/cloud/scope/session.go#L176 does not.

This can be worked-around by setting the AWS_SDK_LOAD_CONFIG environment variable to a truthy value.

Environment:

k8s-ci-robot commented 2 weeks ago

This issue is currently awaiting triage.

If CAPA/CAPI contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.
hardcorder666 commented 1 week ago

We are experiencing same error:

I0917 06:12:17.996661       1 eksconfig_controller.go:220] "Control Plane has not yet been initialized" controller="eksconfig" controllerGroup="bootstrap.cluster.x-k8s.io" controllerKind="EKSConfig" EKSConfig="sbx-clusters/bkarthikcapa01-sbx-va6-system" namespace="sbx-clusters" name="bkarthikcapa01-sbx-va6-system" reconcileID="6aabadd5-4dd0-4a26-8c5b-9f1dc3e0823b"
E0917 06:12:30.825554       1 controller.go:329] "Reconciler error" err=<
    failed to create scope: failed to create aws session: Failed to retrieve identity credentials: NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors
 > controller="awsmanagedcontrolplane" controllerGroup="controlplane.cluster.x-k8s.io" controllerKind="AWSManagedControlPlane" AWSManagedControlPlane="sbx-clusters/bkarthikcapa01-sbx-va6" namespace="sbx-clusters" name="bkarthikcapa01-sbx-va6" reconcileID="eeedd573-e900-458b-878a-176cb7ac1877"

Is there any ETA for this?