我尝试使用以下 terraform 配置:
provider "helm" {
kubernetes {
host = aws_eks_cluster.La-Production-EKS.endpoint
cluster_ca_certificate = base64decode(aws_eks_cluster.La-Production-EKS.certificate_authority[0].data)
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", aws_eks_cluster.La-Production-EKS.id]
command = "aws"
}
}
}
### ---------------------- EKS LB Controller ----------------------
resource "helm_release" "aws-load-balancer-controller" {
name = "aws-load-balancer-controller"
repository = "https://aws.github.io/eks-charts"
chart = "aws-load-balancer-controller"
namespace = "kube-system"
version = "1.4.1"
set {
name = "clusterName"
value = aws_eks_cluster.cluster.id
}
set {
name = "image.tag"
value = "v2.4.2"
}
set {
name = "serviceAccount.name"
value = "aws-load-balancer-controller"
}
set {
name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
value = aws_iam_role.aws_load_balancer_controller.arn
}
}
当我在本地使用时,它不会出现任何错误,但是当我尝试在 CI/CD 中使用 terraform 时,主要是它在 CI/CD 上的 terraform plan 命令上失败。我得到以下输出:
Error: Kubernetes cluster unreachable: the server has asked for the client to provide credentials
使用 helm_release.aws-load-balancer-controller, 在 EKS-LoadBalancer-Controller.tf 第 15 行,资源“helm_release”“aws-load-balancer-controller”中: 15:资源“helm_release”“aws-load-balancer-controller”{
如何修复?我尝试使用:
provider "helm" {
kubernetes {
config_path = "$PATH_KUBECONFIG"
}
} # And passing Gitlab CI/CD File Env Variable as $PATH_KUBECONFIG to my Kubernetes
但是,它仍然输出相同的错误。任何提示或想法表示赞赏
我相信您问题的根本原因与EKS集群有关。
helm 提供程序正在尝试从不存在的集群获取凭据。
为了解决您的问题,您可以在集群创建后使用数据块获取集群信息,并使用它们将 helm 提供程序与您的集群连接起来。
您可以使用此配置块
data "aws_eks_cluster" "cluster" {
name = aws_eks_cluster.La-Production-EKS.id
}
data "aws_eks_cluster_auth" "cluster" {
name = aws_eks_cluster.La-Production-EKS.id
}
provider "helm" {
kubernetes {
host = data.aws_eks_cluster.cluster.endpoint
token = data.aws_eks_cluster_auth.cluster.token
cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
}
}