I have created an EKS cluster for GitLab runners. When I execute the Terraform operations, the container pod (Kubernetes executor) assumes the worker node role. As per documentation of EKS and also Terraform
terraformdocs
The terraform init fails with the below error ---
Initializing the backend...
2021/04/20 11:30:35 [INFO] Successfully derived credentials from session
2021/04/20 11:30:35 [INFO] AWS Auth provider used: "EC2RoleProvider"
2021/04/20 11:30:35 [DEBUG] Trying to get account information via sts:GetCallerIdentity
2021/04/20 11:30:35 [DEBUG] [aws-sdk-go] DEBUG: Request sts/GetCallerIdentity Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: sts.amazonaws.com
User-Agent: aws-sdk-go/1.37.0 (go1.15.6; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.14.7
Content-Length: 43
Authorization: , SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20210420T113035Z
X-Amz-Security-Token: xxxxxxxxxx
HTTP/1.1 200 OK
Connection: close
Content-Length: 462
Content-Type: text/xml
Date: Tue, 20 Apr 2021 11:30:34 GMT
X-Amzn-Requestid: 50c57d8f-66c4-4807-9eb9-4ba240f3fbdd
2021/04/20 11:30:35 [DEBUG] [aws-sdk-go]
2021/04/20 11:30:35 [DEBUG] checking for provisioner in "."
2021/04/20 11:30:35 [DEBUG] checking for provisioner in "/bin"
2021/04/20 11:30:35 [INFO] Failed to read plugin lock file .terraform/plugins/linux_amd64/lock.json: open .terraform/plugins/linux_amd64/lock.json: no such file or directory
Here, as we can see, the runner makes a call for identity and gets the eks-node role, i.e. the worker node role, instead of the pod role.
The AWS team has verified all the IAM role and EKS cluster settings; it's now a Terraform issue that's giving the wrong output.
I have tried all suggestions from blogs but am not able to get past this worker node role. I do not want the worker node role to come into the picture; the pod role should be used. The pod has AWS_ROLE_ARN set correctly.
Please assist ASAP.
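
A diagnostic sketch for the symptom in the post above, added here as an example and not part of the original post or of Terraform: it reads the `AWS Auth provider used` line from the debug log and checks the two environment variables and the projected token that IAM Roles for Service Accounts relies on inside the job pod. The function names and the sample log constant are assumptions; `AWS_WEB_IDENTITY_TOKEN_FILE` is the standard variable that accompanies the `AWS_ROLE_ARN` the post mentions.

```python
import base64, json, os, re

ROLE_VAR = "AWS_ROLE_ARN"                  # named in the post
TOKEN_VAR = "AWS_WEB_IDENTITY_TOKEN_FILE"  # path of the projected service account token
NODE_PROVIDER = "EC2RoleProvider"          # provider reported in the post's log

# Sample input: two lines taken from the log in the post.
SAMPLE_LOG = '''2021/04/20 11:30:35 [INFO] Successfully derived credentials from session
2021/04/20 11:30:35 [INFO] AWS Auth provider used: "EC2RoleProvider"'''

def auth_provider(log_text):
    """Return the provider named in Terraform's 'AWS Auth provider used' line."""
    m = re.search(r'AWS Auth provider used: "([^"]+)"', log_text)
    return m.group(1) if m else None

def uses_node_role(log_text):
    """True when credentials came from the EC2 instance metadata service."""
    return auth_provider(log_text) == NODE_PROVIDER

def token_subject(jwt):
    """Decode, without verifying, the 'sub' claim of a service account token."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("sub")

def _read(path):
    with open(path) as fh:
        return fh.read()

def check_irsa(env, read_file=_read):
    """List missing prerequisites for the web identity (pod role) path."""
    findings = []
    if not env.get(ROLE_VAR):
        findings.append(f"{ROLE_VAR} is not set")
    token_path = env.get(TOKEN_VAR)
    if not token_path:
        findings.append(f"{TOKEN_VAR} is not set")
        return findings
    try:
        sub = token_subject(read_file(token_path).strip())
    except (OSError, IndexError, ValueError, AttributeError) as exc:
        findings.append(f"cannot read or decode {token_path}: {exc}")
    else:
        if not str(sub).startswith("system:serviceaccount:"):
            findings.append(f"token subject {sub!r} is not a service account")
    return findings

if __name__ == "__main__":
    print("log shows node role:", uses_node_role(SAMPLE_LOG))
    print(check_irsa(os.environ) or "IRSA prerequisites present in this process")
```

Run it in the same container and as the same user that runs `terraform init`, since the environment and file permissions of the job pod are what the SDK sees.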