K
Q

Deploy to EKS cluster using AWS codepipleine

1/5/2020

I'm trying to automate deployment on EKS cluster using AWS codepipeline and was referring to the page: AWS CodePipeline and deployingto EKS

I am following the same steps as mentioned in the buildspec.yaml file but I am getting following error:

[Container] 2020/01/05 08:26:35 Running command kubectl apply -f $CODEBUILD_SRC_DIR/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml 
Error from server (Forbidden): error when retrieving current configuration of: 
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment" 
Name: "takenaka-user", Namespace: "default" 
Object: &{map["apiVersion":"apps/v1" "kind":"Deployment" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"takenaka-user" "namespace":"default"] "spec":map["replicas":'\x01' "selector":map["matchLabels":map["app":"takenaka-user"]] "template":map["metadata":map["labels":map["app":"takenaka-user"]] "spec":map["containers":[map["image":"591209811908.dkr.ecr.ap-northeast-1.amazonaws.com/takenaka-ecr-repo:takenaka.user-4" "name":"takenaka-user" "ports":[map["containerPort":'P']]]]]]]]} 
from server for: "/codebuild/output/src658704233/src/git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/Takenaka/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml": deployments.apps "takenaka-user" is forbidden: User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"
-- gaurav sharma
amazon-eks
amazon-web-services
aws-codepipeline
kubernetes

Similar Questions

Gloo gateway-proxy External IP on GKE : telnet: Unable to connect to remote host: Connection refused
GKE Pods not viewable after cluster downsizes
Is there an equivalent to "minikube docker-env" for using Docker in K8s?
Creating a path based Ingress on a GKE cluster
probem with nginx ingress controller
How to export Azure Kubernetes logs to Storage account or view old pod logs from Applications insights?
'kubectl get pods' command fails on Windows, works on WSL2
How can container (running on the local host) access services running on remote hosts, which are port forwarded to the local host
using kind to pull images from a local registry
Kubernetes Persistant Volume overwrites image data
FailedAttachVolume in openshift for FC storage

2 Answers

1/5/2020

User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"

If "Kubernetesdeployment" is a ServiceAccount that AWS CodePipeline uses to deploy, it looks like it is missing the necessary RBAC permissions to deploy "Deployment" in namespace "default".

Using RBAC Authorization may be helpful. Usually, you want to create and read both "Deployment", "Service" and possibly "Ingress" for deploying apps to a specific namespace.

From the link that you had followed, it looks like it miss point 4.

  1. Make kubernetes_deployment role as authorized in eks cluster

alternatively, that you have set the permissions to a different service account name? username: kubernetes_deployment is named Kubernetesdeployment in your error message.

-- Jonas
Source: StackOverflow
1/7/2020

Please also look at AWS recommended deployment methodology to EKS with CodePipeline:

Continuous Deployment to Kubernetes using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, Amazon ECR and AWS Lambda - https://aws.amazon.com/blogs/devops/continuous-deployment-to-kubernetes-using-aws-codepipeline-aws-codecommit-aws-codebuild-amazon-ecr-and-aws-lambda/

-- shariqmaws
Source: StackOverflow