Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CodeBuild to deploy to EKS - giving error "You must be logged in to the server (Unauthorized)" #329

Closed
sibendu opened this issue Jul 30, 2020 · 4 comments
Closed

CodeBuild to deploy to EKS - giving error "You must be logged in to the server (Unauthorized)" #329

sibendu opened this issue Jul 30, 2020 · 4 comments

Comments

@sibendu
Copy link

sibendu commented Jul 30, 2020
edited
Loading

Hi All,
I am trying to deploy to EKS from CodeBuild. It is using a service role "codebuild-checking-service-role". I have tried adding this service role in configmap aws-auth. I have tried adding it under mapRoles: section, as well as also tried with it uner mapUsers: section (following some sugestions). But in both case it is giving an error - You must be logged in to the server (Unauthorized)

Since it is creating a dynamic role binding , is it sufficient to add on service role arn i.e. for the caller identity it shows arn:aws:sts::11111111111:assumed-role/codebuild-checking-service-role/AWSCodeBuild-b8e28caf-28f5-4eec-bda5-a3ea4174da26 ; since it is dynamic value how will it work?

2020/07/30 18:16:18 Running command aws sts get-caller-identity --
20 | {
21 | "UserId": "AROA2TWYKNW7S2GT3EEBP:AWSCodeBuild-b8e28caf-28f5-4eec-bda5-a3ea4174da26",
22 | "Account": "11111111111",
23 | "Arn": "arn:aws:sts::11111111111:assumed-role/codebuild-checking-service-role/AWSCodeBuild-b8e28caf-28f5-4eec-bda5-a3ea4174da26"
24 | }
25 |  
26 | [Container] 2020/07/30 18:16:24 Running command aws eks update-kubeconfig --name <---> --region <--->
27 | Added new context arn:aws:eks:ap-south-1:729524366783:cluster/eks-digital to /root/.kube/config
28 |  
29 | [Container] 2020/07/30 18:16:24 Running command aws eks update-kubeconfig --name <---> --region <---> --role-arn arn:aws:iam::11111111111:role/service-role/codebuild-checking-service-role
30 | Updated context arn:aws:eks:ap-south-1:729524366783:cluster/eks-digital in /root/.kube/config
31 |  
32 | [Container] 2020/07/30 18:16:25 Running command kubectl get nodes
33 | error: You must be logged in to the server (Unauthorized)

Thanks a lot for any suggestion.
Regards.
@ArtoKeskiniva
Copy link

I had the very same issue - and finally found a resolution here: #268
The point is to be remove extra path component from role ARN in configmap.

@sibendu
Copy link
Author

sibendu commented Jul 31, 2020

Absolutely precise. Thank you very much @ArtoKeskiniva

@sibendu sibendu closed this as completed Jul 31, 2020
@sibendu
Copy link
Author

sibendu commented Jul 31, 2020

resolution : #268

@alhucave
Copy link

Mismo problema... muchas gracias

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alhucave @sibendu @ArtoKeskiniva