error: the server doesn't have a resource type "svc"

7/12/2018

Getting error: the server doesn't have a resource type "svc" when testing kubectl configuration whilst following this guide:

https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html

Detailed Error

$ kubectl get svc -v=8

I0712 15:30:24.902035   93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test
I0712 15:30:24.902741   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:24.902762   93745 round_trippers.go:390] Request Headers:
I0712 15:30:24.902768   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:24.902773   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.425614   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 522 milliseconds
I0712 15:30:25.425651   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.425657   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.425662   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.425670   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.426757   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.428104   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.428239   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.428258   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.428268   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.428278   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.577788   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.577818   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.577838   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.577854   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.577868   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.578876   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.579492   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.579851   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.579864   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.579873   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.579879   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.729513   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.729541   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.729547   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.729552   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.729557   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.730606   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.731228   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.731254   93745 factory_object_mapping.go:93] Unable to retrieve API resources, falling back to hardcoded types: Unauthorized
F0712 15:30:25.731493   93745 helpers.go:119] error: the server doesn't have a resource type "svc"

Screenshot of EKS Cluster in AWS

enter image description here

Version

kubectl version

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:03:09Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client to provide credentials)

Config

Kubctl Config

$ kubectl config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

AWS Config

cat .aws/config

[profile personal]
source_profile = personal 

AWS Credentials

$ cat .aws/credentials

[personal]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED

 ~/.kube/config-test

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACETED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

Similar issues

-- Matt Canty
amazon-eks
kubectl
kubernetes

7 Answers

8/14/2018

I ran into this error, and it was a DIFFERENT kube config issue, so the

error: the server doesn't have a resource type “svc”

error is probably very generic.

Im my case, the solution was to remove the quotes around the certificate-authority-data

Example

(not working)

certificate-authority-data:"xyxyxyxyxyxy"

(working)

certificate-authority-data: xyxyxyxyxyxy
-- tdensmore
Source: StackOverflow

11/28/2018

Possible solution if you created the cluster in the UI

If you created the cluster in the UI, it's possible the AWS root user created the cluster. According to the docs, "When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster is added to the Kubernetes RBAC authorization table as the administrator (with system:master) permissions. Initially, only that IAM user can make calls to the Kubernetes API server using kubectl. "

You'll need to first login to the AWS CLI as the root user in order to update the permissions of the IAM user you want to have access to the cluster.

  1. You'll need to get an access key for the root user and put this info in .aws/credentials under the default user. You can do this using the command aws configure

    Now kubectl get svc works, since you're logged in as the root user that initially created the cluster.

  2. Apply the aws-auth ConfigMap to the cluster. Follow step 2 from these docs, using the NodeInstanceRole value you got as the Output from Step 3: Launch and Configure Amazon EKS Worker Nodes

  3. To add a non-root IAM user or role to an Amazon EKS cluster, follow step 3 from these docs. Edit the configmap/aws-auth and add other users that need kubectl access in the mapUsers section.

  4. Run aws configure again and add the access key info from your non-root user.

Now you can access your cluster from the AWS CLI and using kubectl.

-- Yasmin
Source: StackOverflow

11/6/2018

I just had a similar issue which I managed to resolve with aws support. The issue I was having was that the cluster was created with a role that was assumed by the user, but kubectl was not assuming this role with the default kube config created by the aws-cli.

I fixed the issue by providing the role in the users section of the kube config

users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      - -r
      - <arn::of::your::role>
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: personal

I believe the heptio-aws-authenticator has now been changed to the aws-iam-authenticator, but this change was what allowed me to use the cluster.

-- R.Taylor
Source: StackOverflow

7/20/2018

The 401s look like a permissions issue. Did your user create the cluster? In the docs: "When you create an Amazon EKS cluster, the IAM entity (user or role) is automatically granted system:master permissions in the cluster's RBAC configuration. To grant additional AWS users the ability to interact with your cluster, you must edit the aws-auth ConfigMap within Kubernetes."

If it was created by a different user, you'll need to use that user, having it configured in the CLI to execute kubectl

-- JamesIngold
Source: StackOverflow

11/16/2018

Need to make sure the credentials used to create Cluster and execute kubectl in CLI are same. In my case I created cluster via console which took AWS temporary vending machine credentials that has expiry where as kubectl used the actual permanent credentials.
To fix the error, I created the cluster as well from the AWS CLI.

-- Linz
Source: StackOverflow

7/31/2018

Just delete cache and http-cache in .kube folder and try running the command kubectl get svc Also make sure that your config- file is properly indented. Due to syntax errors sometime it may throw that error.

-- user3805324
Source: StackOverflow

7/12/2018

I had this issue where my KUBECONFIG environment variable had more than one value, it looked something like: :/Users/my-user/.kube/config-firstcluster:/Users/my-user/.kube/config-secondcluster

Try unsetting and resetting the environment variable to have only 1 value and see if that works for you.

-- Erin M
Source: StackOverflow