Deploy to EKS cluster using AWS CodePipeline

1/5/2020

I'm trying to automate deployment on an EKS cluster using AWS CodePipeline and was referring to the page: AWS CodePipeline and deploying to EKS

I am following the same steps as mentioned in the buildspec.yaml file, but I am getting the following error:

[Container] 2020/01/05 08:26:35 Running command kubectl apply -f $CODEBUILD_SRC_DIR/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml 
Error from server (Forbidden): error when retrieving current configuration of: 
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment" 
Name: "takenaka-user", Namespace: "default" 
Object: &{map["apiVersion":"apps/v1" "kind":"Deployment" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"takenaka-user" "namespace":"default"] "spec":map["replicas":'\x01' "selector":map["matchLabels":map["app":"takenaka-user"]] "template":map["metadata":map["labels":map["app":"takenaka-user"]] "spec":map["containers":[map["image":"591209811908.dkr.ecr.ap-northeast-1.amazonaws.com/takenaka-ecr-repo:takenaka.user-4" "name":"takenaka-user" "ports":[map["containerPort":'P']]]]]]]]} 
from server for: "/codebuild/output/src658704233/src/git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/Takenaka/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml": deployments.apps "takenaka-user" is forbidden: User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default" 
-- gaurav sharma
amazon-eks
amazon-web-services
aws-codepipeline
kubernetes

2 Answers

1/5/2020

User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"

If "Kubernetesdeployment" is a ServiceAccount that AWS CodePipeline uses to deploy, it looks like it is missing the necessary RBAC permissions to deploy "Deployment" in namespace "default".

Using RBAC Authorization may be helpful. Usually, you want to create and read both "Deployment", "Service" and possibly "Ingress" for deploying apps to a specific namespace.

From the link that you had followed, it looks like it misses point 4.

  1. Make kubernetes_deployment role as authorized in eks cluster

Alternatively, is it that you have set the permissions to a different service account name? username: kubernetes_deployment is named Kubernetesdeployment in your error message.

-- Jonas
Source: StackOverflow
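
An added example, not part of the answer above or of the linked tutorial: a namespace-scoped Role and RoleBinding that grant the user named in the error message the access `kubectl apply` needs for Deployments and Services in "default". It assumes the pipeline's IAM role is mapped in the cluster's aws-auth ConfigMap to the username Kubernetesdeployment; the object names deployer and deployer-binding are made up for the example.

```yaml
# Added example; "deployer" and "deployer-binding" are hypothetical names.
# Scoped to one namespace so the pipeline identity does not need cluster-wide rights.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer
  namespace: default
rules:
  # kubectl apply first reads the live object (get), then creates or patches it.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Services live in the core API group, written as the empty string.
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployer-binding
  namespace: default
subjects:
  - kind: User
    # Case-sensitive: must equal the username the API server reports in the
    # Forbidden error, which is the username set in the aws-auth mapping (assumed).
    name: Kubernetesdeployment
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: deployer
  apiGroup: rbac.authorization.k8s.io
```

After applying this with cluster-admin credentials, `kubectl auth can-i get deployments.apps --namespace default --as Kubernetesdeployment` should answer `yes`.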

1/7/2020

Please also look at the AWS-recommended deployment methodology to EKS with CodePipeline:

Continuous Deployment to Kubernetes using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, Amazon ECR and AWS Lambda - https://aws.amazon.com/blogs/devops/continuous-deployment-to-kubernetes-using-aws-codepipeline-aws-codecommit-aws-codebuild-amazon-ecr-and-aws-lambda/

-- shariqmaws
Source: StackOverflow