Terraform 计划 AWS 未授权问题
Terraform plan AWS Unauthorized issue
UPD:将运行 Terraform 的 AWS 用户更改为集群 map_users 中列出的用户后,问题得以解决。
我不是 DevOps 人员,如果这个问题很基础,还请见谅。我正在尝试让一套现有的 Terraform 配置正常工作,但它在 terraform plan 步骤失败。
所使用的 IAM 用户(通过 access key/secret 认证)看起来拥有访问所需资源的足够权限,但错误依然存在,因此似乎还缺少某些权限。有什么想法吗?
错误是:
Error: Invalid credentials
│
│ with kubernetes_manifest.virtual_service["graphql-api"],
│ on istio.tf line 42, in resource "kubernetes_manifest" "virtual_service":
│ 42: resource "kubernetes_manifest" "virtual_service" {
│
│ The credentials configured in the provider block are not accepted by the
│ API server. Error: Unauthorized
这是provider.tf:
# Pin the Terraform CLI and the three providers this configuration needs.
# Every constraint is a lower bound only (">="), so `terraform init` may
# select any newer release, including a new major version.
# NOTE(review): consider an upper bound (e.g. "~>") and committing
# .terraform.lock.hcl so provider upgrades are deliberate and reviewable.
terraform {
  required_providers {
    aws = {
      version = ">= 4.15.1"
      source  = "hashicorp/aws"
    }
    helm = {
      version = ">= 2.5.1"
      source  = "hashicorp/helm"
    }
    kubernetes = {
      version = ">= 2.11.0"
      source  = "hashicorp/kubernetes"
    }
  }

  required_version = ">= 1.1.5"
}
# AWS provider authenticated with a static IAM access key taken from input
# variables. These credentials configure this provider only: the `exec`
# blocks of the kubernetes and helm providers in this file start a separate
# `aws` process, which resolves credentials through its own chain.
# NOTE(review): the variable declarations are not shown here — confirm that
# aws_key / aws_secret are declared `sensitive = true` and are never
# committed in a tfvars file.
provider "aws" {
  secret_key = var.aws_secret
  access_key = var.aws_key
  region     = var.region
}
# Look up the existing EKS cluster by name. Its endpoint and CA certificate
# are read by the kubernetes and helm provider blocks in this file.
data "aws_eks_cluster" "eks" { name = var.cluster_name }
# Kubernetes provider for the EKS cluster. Instead of a stored token it runs
# `aws eks get-token` as an exec credential plugin. TLS trust is pinned to
# the cluster's own CA certificate.
# The token is issued for whichever IAM identity that `aws` process resolves;
# the access_key/secret_key given to the "aws" provider are not passed to it.
# The API server answers "Unauthorized" when that identity is not mapped to
# a Kubernetes user.
# NOTE(review): run `aws sts get-caller-identity` in the same shell to check
# that this is the identity listed in the cluster's map_users.
# NOTE(review): "client.authentication.k8s.io/v1alpha1" has been removed from
# newer Kubernetes clients and recent AWS CLI releases emit v1beta1 — verify
# that the installed provider and CLI agree on this value before changing it.
provider "kubernetes" {
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
  host                   = data.aws_eks_cluster.eks.endpoint

  exec {
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
    api_version = "client.authentication.k8s.io/v1alpha1"
  }
}
# Identity (account id, ARN, user id) behind the credentials of the "aws"
# provider. It does not describe the identity that `aws eks get-token` uses
# in the exec blocks, which may differ.
# NOTE(review): nothing in the visible part of this file reads this data
# source — presumably it is referenced elsewhere; confirm.
data "aws_caller_identity" "current" {
}
# Helm provider pointed at the same EKS cluster, with the same endpoint, CA
# pinning and exec-based authentication as the "kubernetes" provider block.
# The token comes from `aws eks get-token`, so releases are installed as the
# IAM identity that the `aws` process resolves, not necessarily the one
# configured on the "aws" provider.
# NOTE(review): the two connection blocks are duplicated by hand; keep
# api_version and args in step with the "kubernetes" provider when either
# one is changed.
provider "helm" {
  kubernetes {
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
    host                   = data.aws_eks_cluster.eks.endpoint

    exec {
      command     = "aws"
      args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
      api_version = "client.authentication.k8s.io/v1alpha1"
    }
  }
}
解决方案是使用集群 map_users configmap 中列出的 AWS 用户来运行 Terraform。原因在于:EKS 的 API 服务器只接受已映射到 Kubernetes 身份的 IAM 主体,仅拥有 IAM 权限并不足以通过 Kubernetes API 的认证。感谢 @MarkoE。
UPD:将运行 Terraform 的 AWS 用户更改为集群 map_users 中列出的用户后,问题得以解决。
我不是 DevOps 人员,如果这个问题很基础,还请见谅。我正在尝试让一套现有的 Terraform 配置正常工作,但它在 terraform plan 步骤失败。
所使用的 IAM 用户(通过 access key/secret 认证)看起来拥有访问所需资源的足够权限,但错误依然存在,因此似乎还缺少某些权限。有什么想法吗?
错误是:
Error: Invalid credentials
│
│ with kubernetes_manifest.virtual_service["graphql-api"],
│ on istio.tf line 42, in resource "kubernetes_manifest" "virtual_service":
│ 42: resource "kubernetes_manifest" "virtual_service" {
│
│ The credentials configured in the provider block are not accepted by the
│ API server. Error: Unauthorized
这是provider.tf:
# Pin the Terraform CLI and the three providers this configuration needs.
# Every constraint is a lower bound only (">="), so `terraform init` may
# select any newer release, including a new major version.
# NOTE(review): consider an upper bound (e.g. "~>") and committing
# .terraform.lock.hcl so provider upgrades are deliberate and reviewable.
terraform {
  required_providers {
    aws = {
      version = ">= 4.15.1"
      source  = "hashicorp/aws"
    }
    helm = {
      version = ">= 2.5.1"
      source  = "hashicorp/helm"
    }
    kubernetes = {
      version = ">= 2.11.0"
      source  = "hashicorp/kubernetes"
    }
  }

  required_version = ">= 1.1.5"
}
# AWS provider authenticated with a static IAM access key taken from input
# variables. These credentials configure this provider only: the `exec`
# blocks of the kubernetes and helm providers in this file start a separate
# `aws` process, which resolves credentials through its own chain.
# NOTE(review): the variable declarations are not shown here — confirm that
# aws_key / aws_secret are declared `sensitive = true` and are never
# committed in a tfvars file.
provider "aws" {
  secret_key = var.aws_secret
  access_key = var.aws_key
  region     = var.region
}
# Look up the existing EKS cluster by name. Its endpoint and CA certificate
# are read by the kubernetes and helm provider blocks in this file.
data "aws_eks_cluster" "eks" { name = var.cluster_name }
# Kubernetes provider for the EKS cluster. Instead of a stored token it runs
# `aws eks get-token` as an exec credential plugin. TLS trust is pinned to
# the cluster's own CA certificate.
# The token is issued for whichever IAM identity that `aws` process resolves;
# the access_key/secret_key given to the "aws" provider are not passed to it.
# The API server answers "Unauthorized" when that identity is not mapped to
# a Kubernetes user.
# NOTE(review): run `aws sts get-caller-identity` in the same shell to check
# that this is the identity listed in the cluster's map_users.
# NOTE(review): "client.authentication.k8s.io/v1alpha1" has been removed from
# newer Kubernetes clients and recent AWS CLI releases emit v1beta1 — verify
# that the installed provider and CLI agree on this value before changing it.
provider "kubernetes" {
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
  host                   = data.aws_eks_cluster.eks.endpoint

  exec {
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
    api_version = "client.authentication.k8s.io/v1alpha1"
  }
}
# Identity (account id, ARN, user id) behind the credentials of the "aws"
# provider. It does not describe the identity that `aws eks get-token` uses
# in the exec blocks, which may differ.
# NOTE(review): nothing in the visible part of this file reads this data
# source — presumably it is referenced elsewhere; confirm.
data "aws_caller_identity" "current" {
}
# Helm provider pointed at the same EKS cluster, with the same endpoint, CA
# pinning and exec-based authentication as the "kubernetes" provider block.
# The token comes from `aws eks get-token`, so releases are installed as the
# IAM identity that the `aws` process resolves, not necessarily the one
# configured on the "aws" provider.
# NOTE(review): the two connection blocks are duplicated by hand; keep
# api_version and args in step with the "kubernetes" provider when either
# one is changed.
provider "helm" {
  kubernetes {
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
    host                   = data.aws_eks_cluster.eks.endpoint

    exec {
      command     = "aws"
      args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
      api_version = "client.authentication.k8s.io/v1alpha1"
    }
  }
}
解决方案是使用集群 map_users configmap 中列出的 AWS 用户来运行 Terraform。原因在于:EKS 的 API 服务器只接受已映射到 Kubernetes 身份的 IAM 主体,仅拥有 IAM 权限并不足以通过 Kubernetes API 的认证。感谢 @MarkoE。