I'm trying to automate deployment on an EKS cluster using AWS CodePipeline and was referring to the page: AWS CodePipeline and deploying to EKS
I am following the same steps as mentioned in the buildspec.yaml file, but I am getting the following error:
[Container] 2020/01/05 08:26:35 Running command kubectl apply -f $CODEBUILD_SRC_DIR/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment"
Name: "takenaka-user", Namespace: "default"
Object: &{map["apiVersion":"apps/v1" "kind":"Deployment" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"takenaka-user" "namespace":"default"] "spec":map["replicas":'\x01' "selector":map["matchLabels":map["app":"takenaka-user"]] "template":map["metadata":map["labels":map["app":"takenaka-user"]] "spec":map["containers":[map["image":"591209811908.dkr.ecr.ap-northeast-1.amazonaws.com/takenaka-ecr-repo:takenaka.user-4" "name":"takenaka-user" "ports":[map["containerPort":'P']]]]]]]]}
from server for: "/codebuild/output/src658704233/src/git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/Takenaka/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml": deployments.apps "takenaka-user" is forbidden: User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"
User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"
If "Kubernetesdeployment" is a ServiceAccount that AWS CodePipeline uses to deploy, it looks like it is missing the necessary RBAC permissions to deploy "Deployment" in namespace "default".
Using RBAC Authorization may be helpful. Usually, you want to create and read both "Deployment", "Service" and possibly "Ingress" for deploying apps to a specific namespace.
From the link that you followed, it looks like point 4 was missed.
- Make kubernetes_deployment role as authorized in eks cluster
Alternatively, could it be that you have set the permissions for a different service account name? username: kubernetes_deployment is named Kubernetesdeployment in your error message.
Please also look at AWS recommended deployment methodology to EKS with CodePipeline:
Continuous Deployment to Kubernetes using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, Amazon ECR and AWS Lambda - https://aws.amazon.com/blogs/devops/continuous-deployment-to-kubernetes-using-aws-codepipeline-aws-codecommit-aws-codebuild-amazon-ecr-and-aws-lambda/
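As an added illustration (not part of the original question or answers), the following namespaced Role and RoleBinding grant the user named in the error message only what `kubectl apply` needs for Deployments, Services and Ingresses in "default". The object names `codebuild-deployer` and `codebuild-deployer-binding` are hypothetical, and the subject is assumed to be a User (as the error reports) whose name must match the username mapped for the CodeBuild IAM role exactly, including case.

```yaml
# Added example: least-privilege RBAC for the identity in the error message.
# Object names are hypothetical; adjust the namespace if you deploy elsewhere.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: codebuild-deployer
  namespace: default            # Role (not ClusterRole): scoped to one namespace
rules:
  # "kubectl apply" first reads the live object (the failing "get"),
  # then creates or patches it.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]             # core API group
    resources: ["services"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # No "delete", no secrets, no wildcard verbs or resources:
  # a compromised build job cannot read credentials or remove workloads.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: codebuild-deployer-binding
  namespace: default
subjects:
  - kind: User
    # Must equal the username the API server sees, character for character.
    # The error reports "Kubernetesdeployment"; a binding written for
    # "kubernetes_deployment" would not match this identity.
    name: Kubernetesdeployment
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: codebuild-deployer
  apiGroup: rbac.authorization.k8s.io
# Verify as a cluster admin after applying:
#   kubectl auth can-i get deployments.apps --as Kubernetesdeployment -n default
#   kubectl auth can-i get secrets --as Kubernetesdeployment -n default   (expect "no")
```

Binding the pipeline identity to a namespaced Role like this, rather than to cluster-admin, keeps the build job's reach limited to the resources it actually deploys.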