basicAuth errors with is forbidden: User "system:anonymous" #2593

Open
raelga opened this issue Sep 25, 2024 · 3 comments

raelga commented Sep 25, 2024

Terraform Version, Provider Version and Kubernetes Version

> terraform -v
Terraform v1.9.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/kubernetes v2.32.0
> kubectl version
Client Version: v1.29.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.12+0c3c368

Affected Resource(s)

kubernetes provider initialization

Terraform Configuration Files

locals {
  host     = "https://api.****443"
  username = "***"
  password = "*****"
}

terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.32.0"
    }
  }
  required_version = ">= 0.13"
}

provider "kubernetes" {
  host     = local.host
  username = local.username
  password = local.password
}

resource "kubernetes_secret" "vault_aws_credentials" {
  metadata {
    name      = "test"
    namespace = "default"
  }
}

> tf output username
"kubeadmin"
> tf output password
"*******"
> tf output server
"https://api.****:443"

Debug Output

https://gist.github.com/raelga/6bcdd75dade012522159dd125dd435f7

Steps to Reproduce

  1. terraform plan

Expected Behavior

Connects to the cluster with the provided credentials.

Actual Behavior

Tries to connect to the cluster using the system:anonymous user:

╷
│ Error: secrets is forbidden: User "system:anonymous" cannot create resource "secrets" in API group "" in the namespace "default"
│ 
│   with kubernetes_secret.test,
│   on main.tf line 23, in resource "kubernetes_secret" "test":
│   23: resource "kubernetes_secret" "test" {
│ 
╵
@alexsomesan
Member

Which type of cluster are you working with? Self-hosted / cloud-managed? Any specific managed variety (EKS, GKE, AKS, etc)?

@raelga
Author

raelga commented Oct 30, 2024

AWS ROSA cluster, cloud-managed.

@alexsomesan
Member

Quick follow-up here - it seems that basic auth has been removed from the API server in the 1.19 release: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#no-really-you-must-read-this-before-you-upgrade

Can you elaborate on your intended use of it in v1.28.12 and how it would still be available?
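
For readers hitting the same error, an added example (not part of the issue thread and not the provider project's own code) of the provider block from the report using the provider's `token` argument instead of `username`/`password`, given that the linked changelog removes basic auth from the API server. The variable names are hypothetical, and obtaining the token is assumed to happen outside Terraform.

```hcl
terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.32.0"
    }
  }
}

# Hypothetical variable names; values are supplied at run time rather than
# hard-coded in locals as in the report.
variable "cluster_host" {
  type        = string
  description = "API server URL, e.g. https://api.example.invalid:443 (constructed placeholder)"
}

variable "cluster_token" {
  type        = string
  sensitive   = true # redacts the value in plan/apply output
  description = "Bearer token for a user or service account, obtained outside Terraform"
}

provider "kubernetes" {
  host  = var.cluster_host
  token = var.cluster_token

  # username / password are intentionally absent: an API server at 1.19 or
  # later has no basic-auth authenticator, which is consistent with the
  # request in the report being evaluated as "system:anonymous".
}

resource "kubernetes_secret" "test" {
  metadata {
    name      = "test"
    namespace = "default"
  }
}
```

Setting the token through the `TF_VAR_cluster_token` environment variable keeps it out of the configuration files and version control.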
