kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
Hi guys!
I am doing the hands-on lab on AWS EKS and CodePipeline topic. See the link below
https://000062.awsstudygroup.com/
I am stuck in step 4.6 when I create a Pipeline using CloudFormation template. The Code Build failed because of an error as I attached in the photo.
Please help me check!
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Hello there,
The error: You must be logged in to the server (Unauthorized) you encountered is because the kubectl in the CodeBuild is not configured properly for Amazon EKS or the IAM user or role credentials that you are using do not map to a Kubernetes RBAC user with sufficient permissions in your Amazon EKS cluster.
Things to check:
- The Service role for CodeBuild service: eks-CodeBuildServiceRole should have this permission below. It gives it full access to EKS.
{
"Sid": "EKSAccessPolicy",
"Effect": "Allow",
"Action": [
"eks:*"
],
"Resource": "*"
}
- Mapping of the Service role for CodeBuild to a Kubernetes RBAC user. From terminal Cloud9 to which you have connected EKS cluster, verify the configMap aws-auth has the right entry for the IAM role: eks-CodeBuildServiceRole with the command:
kubectl edit configmaps aws-auth -n kube-system
The eks-CodeBuildServiceRole should be mapped to masters. Be sure your AWS_ACCOUNT_ID is substituted in the snippet below:
- groups:
- system:masters
rolearn: arn:aws:iam::{$AWS_ACCOUNT_ID}}:role/eks-CodeBuildServiceRole
username: codebuild-eks
I was able to reproduce the steps in the guide. See the CodeBuild result.
Relevanter Inhalt
AWS OFFICIALAktualisiert vor einem Jahr- AWS OFFICIALAktualisiert vor einem Jahr
Thanks for your helps! Let me check again! I think the problem is in Mapping of the Service role for CodeBuild to a Kubernetes RBAC user.
Hi, I substituted my AWS_ACCOUNT_ID in aws-auth.yaml file but the same error still occur. Please help me check!