Helm, AWS IAM Role & GitHub Actions

The issue: Kubernetes cluster unreachable

I’m trying to deploy my service (Spring Boot REST API service + Postgres database) to an existing EKS cluster using a Helm chart in a GitHub Actions CI pipeline.

I’m using GitHub’s federated OIDC to access AWS resources, which uses short-lived credentials (no AWS credentials leaked!).

The issue is that the GitHub Action failed:

Error: INSTALLATION FAILED: Kubernetes cluster unreachable: the server has asked for the client to provide credentials

Enabling IAM user and role access to your cluster

The solution is to add the authorized GitHub IAM role above to the aws-auth ConfigMap:

$ kubectl edit -n kube-system configmap/aws-auth

Edit the file to add:

....
  mapUsers: |
    - userarn: arn:aws:iam::ACCOUNTID:role/github
      username: admin
      groups:
        - system:masters
kind: ConfigMap
...

To make a permanent change to the aws-auth ConfigMap:

kubectl get -n kube-system configmap/aws-auth -o yaml > auth-cm.yaml
# make the above change
kubectl apply -f auth-cm.yaml
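An added example, not from the original post: the same role written in the mapRoles/rolearn form that the EKS documentation uses for IAM roles, and bound to a single namespace rather than to system:masters, which is cluster-admin. The ci-deployers group, the github-actions username and the my-service namespace are assumed names.

```yaml
# Added example; group, username and namespace names are assumptions.
# 1) aws-auth entry. This is a fragment of the ConfigMap's data section,
#    not a full manifest: keep every existing mapRoles entry (for example
#    the node instance role) when editing the real object.
data:
  mapRoles: |
    - rolearn: arn:aws:iam::ACCOUNTID:role/github
      username: github-actions      # assumed Kubernetes username for CI
      groups:
        - ci-deployers              # assumed group; grants nothing by itself
---
# 2) Give that group rights in one namespace only, through the built-in
#    "edit" ClusterRole (workloads, services, secrets; no RBAC changes).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployers-edit
  namespace: my-service             # assumed namespace of the Helm release
subjects:
  - kind: Group
    name: ci-deployers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
# To confirm the scope from an admin session, impersonate the mapping:
#   kubectl auth can-i create deployments -n my-service \
#     --as github-actions --as-group ci-deployers
#   kubectl auth can-i get secrets -n kube-system \
#     --as github-actions --as-group ci-deployers
```

A chart that creates cluster-scoped objects or its own namespace needs more than this binding.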

Natarajan Santhosh
