In EKS Terraform code that I had been using without any problems,
I changed something cluster-related, ran plan, and got:
╷
│ Error: configmaps "aws-auth" is forbidden: User "system:anonymous" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
│
│ with kubernetes_config_map.aws-auth,
│ on cluster.tf line 30, in resource "kubernetes_config_map" "aws-auth":
│ 30: resource "kubernetes_config_map" "aws-auth" {
│
╵
╷
│ Error: query: failed to query with labels: secrets is forbidden: User "system:anonymous" cannot list resource "secrets" in API group "" in the namespace "karpenter"
│
│ with helm_release.karpenter,
│ on karpenter.tf line 204, in resource "helm_release" "karpenter":
│ 204: resource "helm_release" "karpenter" {
│
╵
╷
│ Error: namespaces "log" is forbidden: User "system:anonymous" cannot get resource "namespaces" in API group "" in the namespace "log"
│
│ with kubernetes_namespace.fluent-bit,
│ on fluent-bit.tf line 77, in resource "kubernetes_namespace" "fluent-bit":
│ 77: resource "kubernetes_namespace" "fluent-bit" {
│
╵
╷
│ Error: query: failed to query with labels: secrets is forbidden: User "system:anonymous" cannot list resource "secrets" in API group "" in the namespace "logging"
│
│ with helm_release.fluent-bit[0],
│ on fluent-bit.tf line 103, in resource "helm_release" "fluent-bit":
│ 103: resource "helm_release" "fluent-bit" {
│
╵
╷
│ Error: query: failed to query with labels: secrets is forbidden: User "system:anonymous" cannot list resource "secrets" in API group "" in the namespace "kube-system"
│
│ with helm_release.metrics_server,
│ on helm_release.tf line 1, in resource "helm_release" "metrics_server":
│ 1: resource "helm_release" "metrics_server" {
│
╵
╷
│ Error: query: failed to query with labels: secrets is forbidden: User "system:anonymous" cannot list resource "secrets" in API group "" in the namespace "kube-system"
│
│ with helm_release.loadbalancer_controller,
│ on helm_release.tf line 14, in resource "helm_release" "loadbalancer_controller":
│ 14: resource "helm_release" "loadbalancer_controller" {
│
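Why is this happening.....
Narrowing the scope down bit by bit, I found that this error appeared only when the change touched the cluster itself.
(In my case it was a cluster version update.)
Nothing I found by searching worked, until I came across a hint:
https://github.com/hashicorp/terraform-provider-aws/issues/18852
The gist: if you reference the cluster resource's attributes, cluster auth gains a dependency on the cluster and the user is recognized as system:anonymous, so do not reference the resource; write the values as plain text instead.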

I fixed it by commenting out the upper one and switching to the lower one.
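
An added example of the kind of change described above, not the author's own configuration (which does not appear on this page). The resource labels, cluster name, endpoint, version and variables are all hypothetical placeholders.

```hcl
# Added illustration. All names and values below are hypothetical placeholders.

variable "cluster_role_arn" { type = string }
variable "subnet_ids" { type = list(string) }
variable "cluster_ca_data" { type = string } # base64-encoded cluster CA

resource "aws_eks_cluster" "this" {
  name     = "example-cluster"
  version  = "1.29" # a change here is the kind of cluster edit that preceded the errors
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids = var.subnet_ids
  }
}

# Before: provider authentication is derived from the cluster resource, so it
# depends on a resource that has a pending change during plan.
#
# data "aws_eks_cluster_auth" "this" {
#   name = aws_eks_cluster.this.name
# }
#
# provider "kubernetes" {
#   host                   = aws_eks_cluster.this.endpoint
#   cluster_ca_certificate = base64decode(aws_eks_cluster.this.certificate_authority[0].data)
#   token                  = data.aws_eks_cluster_auth.this.token
# }

# After: the same settings with no reference to aws_eks_cluster.this.
data "aws_eks_cluster_auth" "this" {
  name = "example-cluster" # literal cluster name
}

provider "kubernetes" {
  host                   = "https://EXAMPLE.eks.amazonaws.com" # placeholder endpoint
  cluster_ca_certificate = base64decode(var.cluster_ca_data)   # CA supplied as a variable
  token                  = data.aws_eks_cluster_auth.this.token
}
```

Only the cluster identifiers are written out literally; the token is still fetched at run time through the data source and is never stored in the configuration.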