I first deployed just the cluster and then added the aws_auth code. I am using TF v1.5.0. My eks.tf config looks like below:
module "eks" {
  source                          = "terraform-aws-modules/eks/aws"
  version                         = "19.15.3"
  cluster_name                    = "rts-cluster"
  cluster_version                 = "1.25"
  cluster_endpoint_private_access = true
  vpc_id                          = "vpc-xxxx"
  subnet_ids                      = ["subnet-xxxx","subnet-xxxx"]
  enable_irsa                     = true
  fargate_profiles = {
    coredns-fargate-profile = {
      name = "coredns"
      selectors = [
        {
          namespace = "kube-system"
          labels = {
            k8s-app = "kube-dns"
          }
        },
        {
          namespace = "default"
        }
      ]
      subnets = ["subnet-xxxx","subnet-xxxxx"]
    }
  }
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = "arn:aws:iam::xxxxxxxx:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_CloudDevOpsSupportAccess_xxxxx"
      username = "{{SessionName}}"
      groups   = ["system:masters"]
    },
    {
      rolearn  = "arn:aws:iam::xxxxxxxx:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_AWSAdministratorAccess_xxxxxx"
      username = "{{SessionName}}"
      groups   = ["system:masters"]
    },
  ]
  tags = local.common_tags
}
I have also added the below in mainf.tf as suggested in this issue (error configmap "aws-auth" does not exist and creating IAM Policy ekstest-additional: ConcurrentModification: Found Tagris has different internal · Issue #2525 · terraform-aws-modules/terraform-aws-eks · GitHub):
provider "kubernetes" {
  host                   = module.eks.cluster_endpoint
  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
  token                  = data.aws_eks_cluster_auth.eks.token
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    # This requires the awscli to be installed locally where Terraform is executed
    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--output", "json"]
  }
}

data "aws_eks_cluster_auth" "eks" {
  name = module.eks.cluster_name
}
The error I get is:
"msg": "\nError: The configmap \"aws-auth\" does not exist\n\n with module.eks.kubernetes_config_map_v1_data.aws_auth[0],\n on .terraform/modules/eks/main.tf line 553, in resource \"kubernetes_config_map_v1_data\" \"aws_auth\":\n 553: resource \"kubernetes_config_map_v1_data\" \"aws_auth\" {",
"rc": 1,
"stderr": "\nError: The configmap \"aws-auth\" does not exist\n\n with module.eks.kubernetes_config_map_v1_data.aws_auth[0],\n on .terraform/modules/eks/main.tf line 553, in resource \"kubernetes_config_map_v1_data\" \"aws_auth\":\n 553: resource \"kubernetes_config_map_v1_data\" \"aws_auth\" {\n\n",
"stderr_lines": [
"",
"Error: The configmap \"aws-auth\" does not exist",
"",
" with module.eks.kubernetes_config_map_v1_data.aws_auth[0],",
" on .terraform/modules/eks/main.tf line 553, in resource \"kubernetes_config_map_v1_data\" \"aws_auth\":",
" 553: resource \"kubernetes_config_map_v1_data\" \"aws_auth\" {",
""
],
If I do add create_aws_auth_configmap = true, this is the error I get.
"msg": "\nError: Post \"https://xxxxxxxx.gr7.eu-west-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps\": dial tcp 100.68.84.8:443: i/o timeout\n\n with module.eks.kubernetes_config_map.aws_auth[0],\n on .terraform/modules/eks/main.tf line 536, in resource \"kubernetes_config_map\" \"aws_auth\":\n 536: resource \"kubernetes_config_map\" \"aws_auth\" {",
"rc": 1,
"stderr": "\nError: Post \"https://xxxxxxxxxxxxxx.gr7.eu-west-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps\": dial tcp 100.68.84.8:443: i/o timeout\n\n with module.eks.kubernetes_config_map.aws_auth[0],\n on .terraform/modules/eks/main.tf line 536, in resource \"kubernetes_config_map\" \"aws_auth\":\n 536: resource \"kubernetes_config_map\" \"aws_auth\" {\n\n",
"stderr_lines": [
"",
"Error: Post \"https://xxxxxxxxxx.gr7.eu-west-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps\": dial tcp 100.68.84.8:443: i/o timeout",
"",
" with module.eks.kubernetes_config_map.aws_auth[0],",
" on .terraform/modules/eks/main.tf line 536, in resource \"kubernetes_config_map\" \"aws_auth\":",
" 536: resource \"kubernetes_config_map\" \"aws_auth\" {",
""
],
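
An added example, not part of the original post: the aws-auth ConfigMap expects IAM role ARNs without their path, while IAM Identity Center (SSO) roles like the ones in `aws_auth_roles` above carry an `aws-reserved/sso.amazonaws.com/...` path, and `system:masters` grants unrestricted cluster-admin. This Python check normalizes the ARNs and flags both conditions; the function names, account ID and role suffix are constructed for illustration.

```python
import re

# arn:<partition>:iam::<account>:role/<optional/path/><role-name>
ROLE_ARN = re.compile(r"^(arn:[\w-]+:iam::[^:]*:role)/(?:.+/)?([^/]+)$")


def strip_role_path(arn):
    """Return the role ARN without its IAM path (the form aws-auth expects)."""
    m = ROLE_ARN.match(arn)
    if not m:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    return f"{m.group(1)}/{m.group(2)}"


def audit_aws_auth_roles(entries):
    """Return (normalized_entries, findings) for a list of aws_auth_roles maps."""
    normalized, findings = [], []
    for i, entry in enumerate(entries):
        fixed = strip_role_path(entry["rolearn"])
        if fixed != entry["rolearn"]:
            findings.append((i, "path-in-rolearn"))      # mapping would not match
        if "system:masters" in entry.get("groups", []):
            findings.append((i, "system:masters"))       # full cluster-admin
        normalized.append({**entry, "rolearn": fixed})
    return normalized, findings


# Constructed sample: placeholder account ID and role suffix, not values from the post.
SAMPLE = [
    {"rolearn": "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/"
                "eu-west-1/AWSReservedSSO_AWSAdministratorAccess_0123456789abcdef",
     "username": "{{SessionName}}", "groups": ["system:masters"]},
    {"rolearn": "arn:aws:iam::111122223333:role/ci-deployer",
     "username": "ci", "groups": ["deployers"]},
]

if __name__ == "__main__":
    roles, issues = audit_aws_auth_roles(SAMPLE)
    for idx, kind in issues:
        print(f"entry {idx}: {kind} -> {roles[idx]['rolearn']}")
```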