带有EKS的Terraform Kubernetes提供程序在configmap上失败 [英] Terraform Kubernetes provider with EKS fails on configmap
问题描述
我已按照说明使用Terraform在AWS中创建EKS集群.
I've followed the instructions to create an EKS cluster in AWS using Terraform.
https://www.terraform.io /docs/providers/aws/guides/eks-getting-started.html
我还将复制连接到集群的输出复制到〜/.kube/config-eks中.我已经验证了此成功成功,因为我已经能够连接到集群并手动部署容器.但是,现在我正在尝试使用Terraform Kubernetes提供程序连接到群集,但似乎无法正确配置该提供程序.
I've also copied the output for connecting to the cluster to ~/.kube/config-eks. I've verified this successfully works as I've been able to connect to the cluster and manually deploy containers. However, now i'm trying to use the Terraform Kubernetes provider to connect to the cluster but cannot seem to be able to configure the provider properly.
我已将提供程序配置为使用我的kubectl配置,但是在尝试推送简单的configmap时,出现错误,提示以下内容:
I've configured the provider to use my kubectl configuration but when attempting to push a simple configmap, i get an error stating the following:
禁止使用configmaps:用户"system:anonymous"无法在名称空间"kube-system"中创建configmaps.
configmaps is forbidden: User "system:anonymous" cannot create configmaps in the namespace "kube-system"
我知道提供程序正在提取部分配置,但似乎无法对其进行身份验证.我怀疑这是因为EKS使用heptio进行身份验证,并且我不确定Terraform使用的K8s Go客户端是否可以支持heptio.但是,考虑到当EKS上线时Terraform释放了对AWS EKS的支持,我怀疑他们是否也不会更新其Terraform提供程序来使用它.
I know that the provider is picking up part of the configuration but I cannot seem to get it to authenticate. I suspect this is because EKS uses heptio for authentication and i'm not sure if the K8s Go client used by Terraform can support heptio. However, given that Terraform released their AWS EKS support when EKS went GA, I'd doubt that they wouldn't also update their Terraform provider to work with it.
现在甚至可以这样做吗?有其他选择吗?
Is it possible to even do this now? Are there alternatives?
推荐答案
Exec auth was added here: https://github.com/kubernetes/client-go/commit/19c591bac28a94ca793a2f18a0cf0f2e800fad04
这是用于自定义身份验证插件的内容,已于2月7日发布.
This is what is utilized for custom authentication plugins and was published Feb 7th.
目前,Terraform不支持新的基于exec的身份验证提供程序,但是存在一个解决方法问题:
Right now, Terraform doesn't support the new exec-based authentication provider, but there is an issue open with a workaround: https://github.com/terraform-providers/terraform-provider-kubernetes/issues/161
也就是说,如果我有空闲时间,我将从事公关工作.
That said, if I get some free time I will work on a PR.
这篇关于带有EKS的Terraform Kubernetes提供程序在configmap上失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
