Helm, AWS IAM Role & Github Actions

The issue: Kubernetes cluster unreachable

I'm trying to deploy my service (a Spring Boot REST API service plus a Postgres database) to an existing EKS cluster using a Helm chart from a GitHub Actions CI pipeline.

I'm using GitHub's federated OIDC to access AWS resources, which uses short-lived credentials (no AWS credentials leaked!).

The issue is that the GitHub Action failed:

Error: INSTALLATION FAILED: Kubernetes cluster unreachable: the server has asked for the client to provide credentials

Enabling IAM user and role access to your cluster

The solution is to add the authorized GitHub IAM role above to the aws-auth ConfigMap:

$ kubectl edit -n kube-system configmap/aws-auth

Edit the file to add:

....
  mapUsers: |
    - userarn: arn:aws:iam::ACCOUNTID:role/github
      username: admin
      groups:
        - system:masters
kind: ConfigMap
...

To make a permanent change to the aws-auth ConfigMap:

kubectl get -n kube-system configmap/aws-auth -o yaml > auth-cm.yaml
# make the above change
kubectl apply -f auth-cm.yaml
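
A check for the mapping described above, added here as an example and not part of the original post: it converts the assumed-role ARN that `aws sts get-caller-identity` reports into the IAM role form that aws-auth entries use, then reports whether that ARN is mapped and whether the mapping grants `system:masters` (cluster-admin). The account ID, session name and sample ConfigMap are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed values: account ID
# 111122223333, session name GitHubActions and the sample ConfigMap below.

# `aws sts get-caller-identity` reports an assumed role as
#   arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION
# while aws-auth entries use arn:aws:iam::ACCOUNT:role/ROLE.
# Assumes the standard "aws" partition; other ARNs pass through unchanged.
to_role_arn() (
  case "$1" in
    arn:aws:sts::*:assumed-role/*/*)
      rest=${1#arn:aws:sts::}
      account=${rest%%:*}
      role=${rest#*:assumed-role/}
      printf 'arn:aws:iam::%s:role/%s\n' "$account" "${role%%/*}" ;;
    *) printf '%s\n' "$1" ;;
  esac
)

# Reads an aws-auth dump on stdin and prints "unmapped", "mapped" or
# "mapped:system:masters" for the ARN in $1. Assumes each entry starts with
# its rolearn/userarn key, as in the snippet on this page.
mapping_status() {
  awk -v arn="$1" '
    NF >= 2 && $(NF-1) ~ /^(rolearn|userarn):$/ {
      current = ($NF == arn)
      if (current) found = 1
    }
    current && /system:masters/ { masters = 1 }
    END {
      if (!found) print "unmapped"
      else if (masters) print "mapped:system:masters"
      else print "mapped"
    }'
}

sample_aws_auth() {
  cat <<'EOF'
data:
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:role/github
      username: admin
      groups:
        - system:masters
EOF
}
# Against a real cluster: kubectl get -n kube-system configmap/aws-auth -o yaml | mapping_status ARN
caller='arn:aws:sts::111122223333:assumed-role/github/GitHubActions'
sample_aws_auth | mapping_status "$(to_role_arn "$caller")"
```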
