Hello everyone, i create an service account and secret in a cluster of eks (kubernetes 1.25).I try to add the new cluster in argocd, here my config:
provider “aws” {
region = var.region
profile = “kiu-apps-stage”
alias = “apps-stage”
default_tags {
tags = {
Environment = “Shared”
IaC = “Terraform”
Status = “PoC”
Owner = “”
}
}
}
provider “kubernetes” {
host = data.aws_eks_cluster.apps_stage.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.apps_stage.certificate_authority.0.data)
alias = “apps-stage”
exec {
api_version = “client.authentication.k8s.io/v1beta1”
args = [“eks”, “get-token”, “–profile”, “kiu-apps-stage”, “–cluster-name”, data.aws_eks_cluster.apps_stage.name]
command = “aws”
}
}
resource “kubernetes_secret” “argocd_manager_stage” {
provider = kubernetes.apps-stage
metadata {
name = “argocd-manager-stage”
}
}
resource “kubernetes_service_account” “argocd_manager_stage” {
provider = kubernetes.apps-stage
metadata {
name = “argocd-tf-manager”
namespace = “kube-system”
}
secret {
name = “${kubernetes_secret.argocd_manager_stage.metadata.0.name}”
}
}
resource “kubernetes_cluster_role” “argocd_manager_stage” {
provider = kubernetes.apps-stage
metadata {
name = “argocd-tf-manager-role”
}
rule {
api_groups = [“*”]
resources = [“*”]
verbs = [“*”]
}
rule {
non_resource_urls = [“*”]
verbs = [“*”]
}
}
resource “kubernetes_cluster_role_binding” “argocd_manager_stage” {
provider = kubernetes.apps-stage
metadata {
name = “argocd-tf-manager-role-binding”
}
role_ref {
api_group = “rbac.authorization.k8s.io”
kind = “ClusterRole”
name = kubernetes_cluster_role.argocd_manager_stage.metadata.0.name
}
subject {
kind = “ServiceAccount”
name = kubernetes_service_account.argocd_manager_stage.metadata.0.name
namespace = kubernetes_service_account.argocd_manager_stage.metadata.0.namespace
}
}
data “kubernetes_secret” “argocd_manager_stage” {
provider = kubernetes.apps-stage
metadata {
name = kubernetes_service_account.argocd_manager_stage.metadata.0.name
namespace = kubernetes_service_account.argocd_manager_stage.metadata.0.namespace
}
}
data “aws_eks_cluster” “example” {
provider = aws.apps-stage
name = “kiu-eks-stage”
}
resource “argocd_cluster” “apps_stage” {
server = data.aws_eks_cluster.apps_stage.endpoint
name = data.aws_eks_cluster.apps_stage.name
config {
bearer_token = data.kubernetes_secret.argocd_manager_stage.data.token
tls_client_config {
ca_data = data.aws_eks_cluster.example.certificate_authority[0].data
}
}
}
i see this error:
│ Error: Attempt to get attribute from null value │ │ on clusters.tf line 289, in resource “argocd_cluster” “apps_stage”: │ 289: bearer_token = data.kubernetes_secret.argocd_manager_stage.data.token │ │ This value is null, so it does not have any attributes. ╵ Releasing state lock. This may take a few moments…
Any ideas??