Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

how to authenticate to eks cluster using the eks-kubectl-run pipe Edited

pipe version: aws-eks-kubectl-run:1.1.1

My Bitbucket Pipeline

- pipe: atlassian/aws-eks-kubectl-run:1.1.1
variables:
AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
AWS_DEFAULT_REGION: $REGION
CLUSTER_NAME: $CLUSTER_NAME
KUBECTL_COMMAND: 'set image deployment/app-frontend app-frontend=$IMAGE_NAME'

Error Message:
Added new context arn:aws:eks:[region]:[aws_id]:cluster/[cluster_name] to /root/.kube/config
Successfully updated the kube config.
error: You must be logged in to the server (Unauthorized)
kubectl set image deployment/app-frontend app-frontend=IMAGE_NAME failed.

can anyone please guide me on how to authenticate using this pipe? as the documentation doesn't say much aside from filling in those required variables.

Thanks 

2 answers

1 accepted

2 votes
Answer accepted

after much research finally found the solution. Apparently in AWS EKS, by default only the cluster creator IAM can interact with the eks cluster through kubectl.

From AWS EKS Documentation

When you create an Amazon EKS cluster, the IAM entity user or role, such as a federated user that creates the cluster, is automatically granted system:masters permissions in the cluster's RBAC configuration. To grant additional AWS users or roles the ability to interact with your cluster, you must edit the aws-auth ConfigMap within Kubernetes.

AWS EKS Documentation: Managing Users or IAM Roles for your Cluster 

Hi @martinyung , thanks for taking time to share your findings. We will update the docs with more information, including this caveat. 

Like # people like this

I had the same issue running on version atlassian/aws-eks-kubectl-run:1.2.1.  By just edited the config map (kubectl edit -n kube-system configmap/aws-auth) and adding the user I configured in my pipeline fixed it.  Thank you @martinyung this saved alot time!  @Alexander Zhukov if you update the docs, please add to the docs what AWS permissions are required for the AWS user.

Like martinyung likes this

It seems you can also set `ROLE_ARN` as a variable for the pipe. But to find this I had to  look at the source code....

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket Pipelines

What We Learned When We Researched Open Source Vulnerabilities in 7 Popular Coding Languages

...hey are a part of us, shaping how we interact with the world around us. The same holds true for programming languages when we think about how different kinds of vulnerabilities raise their heads in t...

1,223 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you