Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error: You must be logged in to the server (Unauthorized) #179

Closed
pkelleratwork opened this issue Dec 10, 2018 · 4 comments
Closed

error: You must be logged in to the server (Unauthorized) #179

pkelleratwork opened this issue Dec 10, 2018 · 4 comments

Comments

@pkelleratwork
Copy link

need help asap - trying to replace prod cluster - cannot connect to cluster via circleci (user circleci)
verified aws-iam-authenticatior is working
kubectl can change context to cluster
ran kubectl edit -n kube-system configmap/aws-auth and added user to list
ran kubectl create clusterrolebinding circleci-cluster-admin-binding --clusterrole=cluster-admin --user=circlci for user
test with

+ kubectl get pods
error: You must be logged in to the server (Unauthorized)

I can connect to cluster from my box, where i made it from. i have referred with no luck to
https://stackoverflow.com/questions/50791303/kubectl-error-you-must-be-logged-in-to-the-server-unauthorized-when-accessing?rq=1
#105
@pkelleratwork
Copy link
Author

pkelleratwork commented Dec 10, 2018
edited
Loading

Kubeconfig

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: redacted
    server: https://nnnnnn.sk1.us-east-2.eks.amazonaws.com
  name: arn:aws:nnnnnnnnnn:cluster/dev
contexts:
- context:
    cluster: arn:aws:eks:nnnnnnnnn:cluster/dev
    user: arn:aws:eks:nnnnnnnnnn:cluster/dev
  name: arn:aws:eksnnnnnnnnnn:cluster/dev
current-context: arn:aws:eks:nnnnnnnn:cluster/dev
kind: Config
preferences: {}
users:
- name: arn:aws:eks:nnnnnnnnnn:cluster/dev
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - arn:aws:eks:nnnnnnnn:cluster/dev
      command: aws-iam-authenticator
      env:
        - name: AWS_PROFILE
          value: "circleci"

@pkelleratwork
Copy link
Author

pkelleratwork commented Dec 11, 2018
edited
Loading

I have also tried using the same aws keys and kubeconfig from my own laptop - which works on my laptop , on circleci. they fail with error

kubectl get svc
error: the server doesn't have a resource type "svc"
Exited with code 1

The same error as here - is there any more info on this? #157

I also added the user to the aws-Auth config.

@sonicintrusion
Copy link

sonicintrusion commented Dec 11, 2018
edited
Loading

can you confirm that the AWS profile "circleci" has the latest/valid login credentials saved (in .aws/credentials)?

you might want to pull the kubeconfig from EKS directly (aws eks update-kubeconfig) so it forms it properly. I think there should be a line that defines what your cluster is actually called within the user section:

      args:
      - token
      - -i
      - <cluster name as it appears in EKS>

hope this helps.

@SarasaGunawardhana
Copy link

I could not solve this issue by creating a cluster on AWS EKS GUI. I tried eksctl to create a cluster and it worked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sonicintrusion @SarasaGunawardhana @pkelleratwork