
I am trying to create a GitLab CI/CD pipeline to build my Java Spring project and deploy it to Amazon EKS. I have followed the instructions in this article. This is the gitlab-ci-cd.yml file to apply the deployment script.

```yaml
k8s-deploy-dev:
  image: docker.io/sulemanhasib43/eks:latest
  stage: k8-deploy
  tags:
    - kubernetes
  before_script: *kubectl_config
  script:
    - sed -i "s#$CONTAINER_IMAGE#$CONTAINER_IMAGE:dev$CI_PIPELINE_IID#g" deployment.yaml
    - kubectl apply -f deployment.yaml -n dev
  only:
    - master
```

But I ran into an issue when applying my deployment.yml file. As shown in the following image, I got this error:

system:node:"user" cannot create resource ...

But when I added the EKS cluster to GitLab, I created a user with the cluster-admin role.


I have also tried adding roles to the system:node ClusterRole.

Denver Shan
  • can you check `kubectl auth can-i create deployments --namespace --as ` ? – hoque Jun 01 '20 at 15:30
  • Where are you defining `kubectl_config`? The tutorial has you create a user mapping in the aws-auth configmap, but it doesn't appear that's getting used – jordanm Jun 01 '20 at 15:35
  • Add details, i.e. YAML, on how you added roles to system:node? Also, the doc says to use system:masters instead, and system:masters by default is already bound to the cluster-admin clusterrole – Arghya Sadhu Jun 01 '20 at 15:39
  • @hoque I got `no` as the result – Denver Shan Jun 01 '20 at 15:56
  • @jordanm I have added the user as the system:master in aws-auth cm `mapUsers: | - userarn: arn:aws:iam::**************:user/gitlab username: gitlab groups: - system:masters ` – Denver Shan Jun 01 '20 at 16:00
  • @DenverShan yeah, but where are you defining in the kubeconfig to auth as that IAM user? The tutorial uses `aws eks update-kubeconfig` for that – jordanm Jun 01 '20 at 16:01
  • @jordanm Yeah, I am updating it here: `before_script: *kubectl_config`. I am updating it like this: `.kubectl_config: &kubectl_config - aws eks --region *** update-kubeconfig --name *** ` – Denver Shan Jun 01 '20 at 16:06
  • This is defined before the stage. This config was updated successfully. – Denver Shan Jun 01 '20 at 16:08
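
Added example, not part of the thread and not EKS's own code: a simplified Python model of how aws-auth `mapRoles`/`mapUsers` entries turn the IAM identity a job presents into a Kubernetes username and groups, which is what the `system:node:...` name in the error and the `system:masters` mapping in the comments are about. The account id, role name, instance id and DNS name are constructed placeholders, and the entries are written as already-parsed dictionaries.

```python
import re

# Constructed sample data: aws-auth entries as they would look after YAML parsing.
# Account id, role name and DNS name are placeholders, not values from the thread.
MAP_ROLES = [{
    "rolearn": "arn:aws:iam::111122223333:role/example-eks-node-role",
    "username": "system:node:{{EC2PrivateDNSName}}",
    "groups": ["system:bootstrappers", "system:nodes"],
}]
MAP_USERS = [{
    "userarn": "arn:aws:iam::111122223333:user/gitlab",
    "username": "gitlab",
    "groups": ["system:masters"],
}]

_ASSUMED = re.compile(r"^arn:aws:sts::(\d{12}):assumed-role/([^/]+)/.+$")

def canonical_arn(caller_arn):
    """Reduce an STS assumed-role ARN to the IAM role ARN used in mapRoles."""
    m = _ASSUMED.match(caller_arn)
    return f"arn:aws:iam::{m.group(1)}:role/{m.group(2)}" if m else caller_arn

def resolve_identity(caller_arn, private_dns="<node-private-dns>"):
    """Return (username, groups) the API server would see, or None if unmapped."""
    arn = canonical_arn(caller_arn)
    for entry in MAP_ROLES + MAP_USERS:
        if arn == (entry.get("rolearn") or entry.get("userarn")):
            user = entry["username"].replace("{{EC2PrivateDNSName}}", private_dns)
            return user, entry["groups"]
    return None

def is_cluster_admin(identity):
    """system:masters is the group bound to cluster-admin by default."""
    return identity is not None and "system:masters" in identity[1]

if __name__ == "__main__":
    for arn in (
        "arn:aws:iam::111122223333:user/gitlab",
        "arn:aws:sts::111122223333:assumed-role/example-eks-node-role/i-0123456789abcdef0",
    ):
        ident = resolve_identity(arn, "ip-10-0-0-1.ec2.internal")
        print(arn, "->", ident, "admin" if is_cluster_admin(ident) else "not admin")
```

Running `aws sts get-caller-identity` inside the job prints the ARN the pipeline actually authenticates with, which is the value to pass to `resolve_identity`.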
