AWS-EKS module is giving error configmap "aws-auth" does not exist

I first deployed just the cluster and then added the aws_auth code. I am using TF v1.5.0. My eks.tf config looks like below:

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "19.15.3"

  cluster_name    = "rts-cluster"
  cluster_version = "1.25"

  cluster_endpoint_private_access = true

  vpc_id = "vpc-xxxx"
  subnet_ids = ["subnet-xxxx","subnet-xxxx"]

  enable_irsa = true
  
  fargate_profiles = {
    coredns-fargate-profile = {
      name = "coredns"
      selectors = [
        {
          namespace = "kube-system"
          labels = {
            k8s-app = "kube-dns"
          }
        },
        {
          namespace = "default"
        }
      ]
      subnets = ["subnet-xxxx","subnet-xxxxx"]
    }
  }
  manage_aws_auth_configmap = true
  aws_auth_roles = [
    {
      rolearn  = "arn:aws:iam::xxxxxxxx:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_CloudDevOpsSupportAccess_xxxxx"
      username = "{{SessionName}}"
      groups   = ["system:masters"]
    },
    {
      rolearn  = "arn:aws:iam::xxxxxxxx:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_AWSAdministratorAccess_xxxxxx"
      username = "{{SessionName}}"
      groups   = ["system:masters"]
    },
  ]

  tags = local.common_tags
}

I have also added the below in mainf.tf as suggested in this issue (error configmap "aws-auth" does not exist and creating IAM Policy ekstest-additional: ConcurrentModification: Found Tagris has different internal · Issue #2525 · terraform-aws-modules/terraform-aws-eks · GitHub):

provider "kubernetes" {
  host                   = module.eks.cluster_endpoint
  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
  token                  = data.aws_eks_cluster_auth.eks.token
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    # This requires the awscli to be installed locally where Terraform is executed
    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--output", "json"]
  }
}
data "aws_eks_cluster_auth" "eks" {
  name = module.eks.cluster_name
}

The error I get is:


    "msg": "\nError: The configmap \"aws-auth\" does not exist\n\n  with module.eks.kubernetes_config_map_v1_data.aws_auth[0],\n  on .terraform/modules/eks/main.tf line 553, in resource \"kubernetes_config_map_v1_data\" \"aws_auth\":\n 553: resource \"kubernetes_config_map_v1_data\" \"aws_auth\" {",
    "rc": 1,
    "stderr": "\nError: The configmap \"aws-auth\" does not exist\n\n  with module.eks.kubernetes_config_map_v1_data.aws_auth[0],\n  on .terraform/modules/eks/main.tf line 553, in resource \"kubernetes_config_map_v1_data\" \"aws_auth\":\n 553: resource \"kubernetes_config_map_v1_data\" \"aws_auth\" {\n\n",
    "stderr_lines": [
        "",
        "Error: The configmap \"aws-auth\" does not exist",
        "",
        "  with module.eks.kubernetes_config_map_v1_data.aws_auth[0],",
        "  on .terraform/modules/eks/main.tf line 553, in resource \"kubernetes_config_map_v1_data\" \"aws_auth\":",
        " 553: resource \"kubernetes_config_map_v1_data\" \"aws_auth\" {",
        ""
    ],

If I do add create_aws_auth_configmap = true, this is the error I get.

    "msg": "\nError: Post \"https://xxxxxxxx.gr7.eu-west-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps\": dial tcp 100.68.84.8:443: i/o timeout\n\n  with module.eks.kubernetes_config_map.aws_auth[0],\n  on .terraform/modules/eks/main.tf line 536, in resource \"kubernetes_config_map\" \"aws_auth\":\n 536: resource \"kubernetes_config_map\" \"aws_auth\" {",
    "rc": 1,
    "stderr": "\nError: Post \"https://xxxxxxxxxxxxxx.gr7.eu-west-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps\": dial tcp 100.68.84.8:443: i/o timeout\n\n  with module.eks.kubernetes_config_map.aws_auth[0],\n  on .terraform/modules/eks/main.tf line 536, in resource \"kubernetes_config_map\" \"aws_auth\":\n 536: resource \"kubernetes_config_map\" \"aws_auth\" {\n\n",
    "stderr_lines": [
        "",
        "Error: Post \"https://xxxxxxxxxx.gr7.eu-west-1.eks.amazonaws.com/api/v1/namespaces/kube-system/configmaps\": dial tcp 100.68.84.8:443: i/o timeout",
        "",
        "  with module.eks.kubernetes_config_map.aws_auth[0],",
        "  on .terraform/modules/eks/main.tf line 536, in resource \"kubernetes_config_map\" \"aws_auth\":",
        " 536: resource \"kubernetes_config_map\" \"aws_auth\" {",
        ""
    ],

This just seems to be a networking issue.

Yes, it is. Is there anything that I need to change in my config file to resolve this?

The IP address above is in the IPv4 Prefix for Shared Address Space, which is only routable from within your own Service Provider. That probably means that when you ran that command you were not using a machine for which the gateway was capable of routing those requests. Since it seems like the first plan worked fine, I can only assume that you ran both commands from different locations, one of them resulting in the timeout.
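
The reasoning in the last reply, as an added example that is not part of the thread: it pulls the address out of the "dial tcp" error, names the non-public range it falls in, and provides a live TCP check to run from the host that executes Terraform. The function names are illustrative; SAMPLE is the error line quoted in the thread.

```python
import ipaddress
import re
import socket

# Ranges that are never routed over the public internet.
NON_PUBLIC = [("shared address space (RFC 6598)", "100.64.0.0/10"),
              ("private (RFC 1918)", "10.0.0.0/8"), ("private (RFC 1918)", "172.16.0.0/12"),
              ("private (RFC 1918)", "192.168.0.0/16")]
# Go clients report failed connections as "dial tcp <ip>:<port>: <reason>".
DIAL_RE = re.compile(r"dial tcp (\d+\.\d+\.\d+\.\d+):(\d+): ([^\\\n]+)")
# Line copied from the stderr_lines output quoted in the thread.
SAMPLE = ('Error: Post "https://xxxxxxxxxx.gr7.eu-west-1.eks.amazonaws.com/api/v1/'
          'namespaces/kube-system/configmaps": dial tcp 100.68.84.8:443: i/o timeout')

def parse_dial_error(text):
    """Return (ip, port, reason) from Terraform error text, or None."""
    m = DIAL_RE.search(text)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1)), int(m.group(2)), m.group(3).strip()
    except ValueError:  # not a valid IPv4 address, e.g. an octet above 255
        return None

def classify(ip):
    """Name the non-public range an address falls in, or None."""
    hits = [label for label, net in NON_PUBLIC if ip in ipaddress.ip_network(net)]
    return hits[0] if hits else None

def diagnose(text):
    """Relate a dial failure to where Terraform has to run from."""
    parsed = parse_dial_error(text)
    if parsed is None:
        return "no dial error found"
    ip, port, reason = parsed
    kind = classify(ip)
    if kind is None:
        return f"{ip}:{port} is outside private/shared ranges ({reason})"
    return f"{ip}:{port} is {kind}; Terraform needs a route to this address ({reason})"

def can_connect(ip, port, timeout=3.0):
    """Live TCP check, run on the machine that executes Terraform."""
    try:
        with socket.create_connection((str(ip), port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Running can_connect with the parsed address and port on the Terraform host before the apply shows whether that host has a path to the cluster endpoint.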