Terraform Cloud - Kubernetes provider aws cli not installed

Hi,

Please, I need some help.

I have been using Terraform Cloud for a year with no issues. Today my developers started complaining Terraform Cloud was throwing the following error anytime they wanted to deploy.

```
Error: Kubernetes cluster unreachable: Get "https://MYCLUSTERIDWHICHICANTPRINTHERE.gr7.ap-southeast-2.eks.amazonaws.com/version?timeout=32s": getting credentials: exec: executable aws not found

It looks like you are trying to use a client-go credential plugin that is not installed.

To learn more about this feature, consult the documentation available at:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
```

I found my kubernetes provider exec command was using api_version="client.authentication.k8s.io/v1alpha1", which I upgraded to v1beta1, but I get the same error. I upgraded to the latest kubernetes and helm providers but still have the same problem. I’m running Terraform Cloud with Terraform v1.1.9.

This is my kubernetes provider configuration, nothing special really.

```hcl
provider "kubernetes" {
  host                   = data.aws_eks_cluster.kubernetes_cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.kubernetes_cluster.certificate_authority.0.data)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    args        = ["eks", "get-token", "--cluster-name", local.cluster_name, "--role-arn", var.kubernetes_access_role]
    command     = "aws"
  }
}
```

At this point I’m not sure if there is any problem with the workers’ AWS configuration. Please, any help is appreciated.


I’ve the same problem.

Ditto. We started experiencing the same issues. EKS 1.22, and Terraform 1.0.8.

Hello. Please help. Facing same issue.

HashiCorp deleted awscli from agents.
I fixed this issue with this code:

```hcl
provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
}
```

For anyone else that uses the AWS CLI for something more than the Kubernetes provider stated above, e.g. getting some presigned link or something:

We’ve created a null_resource with a local exec that downloads the CLI zip, unpacks it and installs it in the home folder using the -i and -b arguments as said on the AWS CLI site. You use the -i and -b arguments so we can omit sudo.

This results in being able to run it from “~/awsbin/aws” assuming the -b was supplied with ~/awsbin.

Next step is to create a depends_on on the null resource for the resources that use the aws cli.

Adding the cli installation during the run of a script results in errors when there are multiple stages trying to install the aws cli at the start of said multiple stages.
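
A sketch of the null_resource approach described in the post above, as an added example that is not the poster's code. It assumes a Linux x86_64 runner with bash, curl, unzip and sha256sum available; the resource names, the variables and the `~/aws-cli` install directory are hypothetical, and the version and checksum values are placeholders to replace with a release you have vetted. Pinning the version and checking the archive hash keeps the run from executing whatever the download URL happens to serve that day.

```hcl
# Added example. Placeholders: set both variables to a release you have vetted.
variable "awscli_version" {
  type    = string
  default = "2.x.y" # placeholder, not a real version
}

variable "awscli_zip_sha256" {
  type    = string
  default = "REPLACE_WITH_SHA256_OF_THE_PINNED_ZIP" # placeholder
}

resource "null_resource" "aws_cli" {
  # Remote runners start clean, so force the install on every apply.
  triggers = {
    always = timestamp()
  }

  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    command     = <<-EOT
      set -euo pipefail
      # Nothing to do if an earlier step in this run already installed it.
      if [ -x "$HOME/awsbin/aws" ]; then exit 0; fi
      work="$(mktemp -d)"
      trap 'rm -rf "$work"' EXIT
      curl -fsSL -o "$work/awscliv2.zip" \
        "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${var.awscli_version}.zip"
      # Refuse to install an archive that does not match the pinned hash.
      echo "${var.awscli_zip_sha256}  $work/awscliv2.zip" | sha256sum -c -
      unzip -q "$work/awscliv2.zip" -d "$work"
      # -i and -b point the installer at the home folder, so no sudo is needed.
      "$work/aws/install" -i "$HOME/aws-cli" -b "$HOME/awsbin"
      "$HOME/awsbin/aws" --version
    EOT
  }
}

# Hypothetical consumer: depends_on makes it wait for the single install step.
resource "null_resource" "uses_aws_cli" {
  depends_on = [null_resource.aws_cli]

  provisioner "local-exec" {
    command = "~/awsbin/aws sts get-caller-identity"
  }
}
```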