【Question title】: configmaps "aws-auth" not found
【Posted】: 2022-05-20 10:47:08
【Question description】:

I launched an EKS cluster using a Terraform module.

My template looks like this:

module "eks" {
  source          = "terraform-aws-modules/eks/aws"
  version         = "17.20.0"
  cluster_name    = "${var.cluster_name}"
  cluster_version = var.cluster_version
  subnets         = ["${var.public_subnet_1}", "${var.public_subnet_2}", "${var.public_subnet_3}"]
  vpc_id          = var.vpc_id
  cluster_security_group_id   = "${var.master_sg_id}"
  worker_security_group_id    = "${var.master_sg_id}"
  workers_additional_policies = [aws_iam_policy.siera_alb_ingress_controller_policy.arn]
  workers_role_name           = "${var.cluster_name}-${var.environment}-${var.aws_region}-worker-role"
  map_roles = [
    {
      rolearn  = "arn:aws:iam::${var.account_no}:role/${var.cluster_name}-${var.environment}-${var.aws_region}-worker-role"
      username = "system:node:{{EC2PrivateDNSName}}"
      groups   = ["system:bootstrappers", "system:nodes"]
    },
    {
      rolearn  = "arn:aws:sts::${var.account_no}:assumed-role/${var.assumed_role_1}"
      username = "admin"
      groups   = ["system:masters", "system:nodes", "system:bootstrappers"]
    },
    {
      rolearn  = "arn:aws:sts::${var.account_no}:assumed-role/${var.assumed_role_2}"
      username = "admin"
      groups   = ["system:masters", "system:nodes", "system:bootstrappers"]
    }
  ]
  tags = {
    Purpose     = "${var.project}"
    Environment = "${var.environment}"
  }

  worker_groups_launch_template = [
    {
      name                  = "${var.cluster_name}-lt"
      key_name              = "${var.node_key}"
      additional_userdata   = <<EOT
                          "echo dummy" 
                          EOT
      instance_type         = "${var.node_size}"
      asg_min_size          = 3
      asg_desired_capacity  = 3
      asg_max_size          = 5
      autoscaling_enabled   = true
      asg_force_delete      = true
      public_ip             = true
      enable_monitoring     = false
      root_volume_size      = 80
      suspended_processes   = ["AZRebalance"]
      tags = [
        {
          "key"                 = "k8s.io/cluster-autoscaler/enabled"
          "propagate_at_launch" = "false"
          "value"               = "true"
        },
        {
          "key"                 = "k8s.io/cluster-autoscaler/${var.cluster_name}"
          "propagate_at_launch" = "false"
          "value"               = "true"
        }
      ]
    }
  ]
  manage_aws_auth = false
}

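As you can see, I am trying to add the aws-auth configmap using map_roles.

After the cluster came up, when I run kubectl describe configmap -n kube-system aws-auth

it gives this error: Error from server (NotFound): configmaps "aws-auth" not found

What am I missing? Please help.

【Comments】:

  • No one can help you without knowing how you obtained the KUBECONFIG used to issue kubectl, but almost always when EKS and kubectl fight, it is because the exec: in that kubectl is not running as the "owner IAM role" of the EKS cluster
  • @mdaniel I updated the context using the eks cli update-kubeconfig command, if that is what you are asking.
  • It is not created automatically. You have to build the aws-auth YAML config and apply it manually the first time.
  • You have explicitly set manage_aws_auth = false, but it must be true for map_roles
  • @jordanm You are right. Thanks, it cleared the error. I am now getting this issue: "Error: configmaps "aws-auth" already exists". Any ideas?

Tags: amazon-web-services docker kubernetes amazon-eks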


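【Solution 1】:

Hey, I saw the same issue. The problem was that the kubernetes provider was not connecting to the recently created cluster. I added a piece of code to main.tf.

You can check it directly at https://github.com/terraform-aws-modules/terraform-aws-eks/pull/2083, but I am also pasting it here just in case.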

...
provider "kubernetes" {
  host                   = aws_eks_cluster.this[0].endpoint
  cluster_ca_certificate = base64decode(aws_eks_cluster.this[0].certificate_authority[0].data)
  exec {
    api_version = "client.authentication.k8s.io/v1alpha1"
    args        = ["eks", "get-token", "--cluster-name", aws_eks_cluster.this[0].name]
    command     = "aws"
  }
}
resource "kubernetes_config_map" "aws_auth" {
  count = var.create && var.create_aws_auth_configmap ? 1 : 0
...

Hope that helps!
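
The two points raised on this page (let the module manage aws-auth, and give the kubernetes provider a connection to the new cluster), combined for the 17.x module used in the question. This is an added example, not code from the posts above or from the module's repository. It assumes a hypothetical var.admin_role_name variable, uses the IAM role ARN form for the admin mapping, and omits the worker group settings for brevity.

```hcl
module "eks" {
  source          = "terraform-aws-modules/eks/aws"
  version         = "17.20.0"
  cluster_name    = var.cluster_name
  cluster_version = var.cluster_version
  subnets         = [var.public_subnet_1, var.public_subnet_2, var.public_subnet_3]
  vpc_id          = var.vpc_id

  # map_roles is only written to the cluster when the module manages aws-auth.
  # With manage_aws_auth = false the ConfigMap is never created by Terraform.
  manage_aws_auth = true

  map_roles = [
    {
      # Assumption: var.admin_role_name is a hypothetical variable holding the
      # name of the IAM role that should administer the cluster.
      rolearn  = "arn:aws:iam::${var.account_no}:role/${var.admin_role_name}"
      username = "admin"
      # Cluster admin only; node and bootstrap groups are left to node roles.
      groups   = ["system:masters"]
    }
  ]
}

# The kubernetes provider needs the endpoint, CA and a token for the cluster
# the module just created; otherwise it cannot write the aws-auth ConfigMap.
data "aws_eks_cluster" "cluster" {
  name = module.eks.cluster_id
}

data "aws_eks_cluster_auth" "cluster" {
  name = module.eks.cluster_id
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.cluster.token
}
```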
