After running this :
aws eks update-kubeconfig --region eu-west-1 --name my-cluster
I tried to run kubectl get pods but I keep getting this error :
E1229 13:04:42.538976 82870 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E1229 13:04:42.873405 82870 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E1229 13:04:43.208848 82870 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E1229 13:04:43.561855 82870 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E1229 13:04:43.896372 82870 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Mentioning here that aws is well configured and works fine.
Related
I'm trying to run Vault CSI provider but I'm getting the following error in my app pod:
MountVolume.SetUp failed for volume "secrets-store-inline" : rpc error: code = Unknown desc = failed to mount secrets store objects for pod vault/my-service-9b78df688-8xnql, err: rpc error: code = Unknown desc = error making mount request: failed to login: Error making API request. Namespace: vault URL: POST https://vault.craft-code.com/v1/auth/gcp/login Code: 400. Errors: * unable to get public key for signed JWT: unable to get public key "xxxxx" for JWT subject "system:serviceaccount:vault:service-web-app": googleapi: Error 400: Request contains an invalid argument.
According to the doc, before login to vault google cloud should issue jwt credential to be able to login in vault. I'm ussing terraform but I don't know how to do that. Could something explain it?
Once the service account and key have been created, the private key can be used to generate the JWT token needed to login to Vault.
To configure a Google Cloud service account to issue a JWT token before it can be used to login to Vault, you need to complete the following steps:
Create a service account in the Google Cloud platform.
Download the JSON key file associated with the service account.
Configure the Vault server to use the GCP auth backend and provide
the JSON key file for the service account.
Configure the Google Cloud IAM roles for the service account in order
to grant it access to the Vault server.
Get the JWT token from the service account and use it to authenticate
with Vault.
Refer to this doc also
im trying to setup my k8s and connect to aws, but i got this error
jackma#jackma-MacBook-Pro ~ % kubectl get svc
E0202 23:58:23.323851 66169 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0202 23:58:23.822265 66169 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0202 23:58:24.300791 66169 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0202 23:58:24.794799 66169 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0202 23:58:25.279269 66169 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)
also, i cannot see detail of my default profile, i got
jackma#jackma-MacBook-Pro ~ % aws sts get-caller-identity --profile default
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
i tried reset with aws configure after delete my ~/.aws/credentials, but still get this issue. I am able to log in my aws account. here is my aws credential, not sure why i met this issue.
[default]
aws_access_key_id = ZSIB2NADXYH5MTSQ29X4
aws_secret_access_key = Wcnlg1GC8zBTuyIMoAheRKDycypSRTGjjcVWTHZv
Try removing the front space before equal
[default]
aws_access_key_id=ZSIB2NADXYH5MTSQ29X4
aws_secret_access_key=Wcnlg1GC8zBTuyIMoAheRKDycypSRTGjjcVWTHZv
If that not works remove the config files and re-configure again
aws configure <name-of-the-profile>
it will auto-create the files for you again and set necessary things if you manually edited anything have issues.
We are calling the K8S API to get version of the cluster.
The URL is https://:443/version .
But the HTTP request is failing with this error - GET request to the remote host failed [HTTP-Code: 401]: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
This call is working in other AWS regions for ex us-east-2(ohio), us-east-1, ap-south-1 etc. But specifically failing in this region.
I have checked IAM console this region is enables for STS service
While calling the K8S API we are passing STS token (with standard AWS signature calculation).
So I am not getting why it is failing in only a specific region?
I can access that cluster using AWS EKS CLI. All the operations on that cluster are working fine. kubectl is also in working state.
I'am trying to add kubernetes cluster to my Gitlab repository using Amazon EKS. Authentication step is going successful, but on cluster creating via Gitlab step I getting following troubles:
Gitlab can't receive IAM Roles and I can't pick them.
Gitlab can't receive regions from AWS account.
Form errors
I guess AWS account have enough roles to show, I have roles with full IAM access.
Then I decided to check browser dev tools and found that there are some errors with accessing Amazon services.
Error pattern: Refused to connect to '<URL>' because it violates the following Content Security Policy directive: "connect-src 'self' <URL> <URL> <URL> <URL> <URL> <URL> <URL>".
Console errors
I thought this is a problem with adblocker extension and I tried to use clean browser, but I got same throubles.
Below are the steps that I performed for setup :
Created a new windows server 2012 EC2 instance and then connected
with it using the remote desktop connection.
Installed EC2 config service which automatically installs
AmazonSSMAgent service.
Both EC2 and SSM services are running and in error logs, it is throwing some 'no chain provider exception' which is fine because I have not provided aws credentials yet.
Created a new IAM user and give him administrative policy access and
created three environment variables providing access_key,
secret_access_key and region_id.
Then I restarted AmazonSSMAgent service, then the exception changed to below exception:
status code: 400, request id: 400b4c75-eae2-11e7-a120-d33083d55d1f 2017-12-27 08:45:13 ERROR [HandleAwsError # awserr.go.48] [instanceID=i-084646fb32d8a7b6d] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AuthorizationFailureException:
Please suggest what i am doing wrong or any steps that i have missed or any other way to do this.