Reputation: 1114
Helm can't handle ConfigMap.mapRoles.username : system:node:{{EC2PrivateDNSName}}
I have a kubernetes cluster that I'm now migrating to Helm. Cluster is running under AWS managed service AWS EKS.
Since AWS EKS by default creates only 1 user in the cluster (system.master) which is the AWS User who created the cluster. Having said that, in order to create another user to the cluster, I wound need to create a config map below:
apiVersion: v1
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
data:
mapRoles: |
- rolearn: arn:aws:iam::<accountid>:role/terraform-eks-main-node
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
mapUsers: |
- userarn: arn:aws:iam::<accountid>:user/admin-access
username: admin-access
groups:
- system:masters
running the configmap using helm causes issues due to {{EC2PrivateDNSName}}. Is there any proper way to handle it?
Upvotes: 4
Views: 2287
Answers (1)
Reputation: 159771
Whenever Helm (and the embedded Go text/template engine) sees {{, it interprets it as a template variable expansion. If you want to include those characters literally in the output, you need a template expression that generates them; for example
username: system:node:{{ "{{" }}EC2PrivateDNSName}}
Upvotes: 3
Related Questions
- Helm - Kubernetes cluster unreachable: the server has asked for the client to provide credentials
- Helm configmap error. expected string; got bool
- Consul Helm failing
- AWS eks user gets error: You must be logged in to the server (Unauthorized)
- AWS EKS "is not authorized to perform: iam:CreateServiceLinkedRole"
- helm list : cannot list configmaps in the namespace "kube-system"
- Helm ls: Error: configmaps is forbidden: User "system:serviceaccount:kube-system:tiller"
- EKS not able to authenticate to Kubernetes with Kubectl - "User: is not authorized to perform: sts:AssumeRole"
- Error creating service account using Helm on Kubernetes
- configmaps is forbidden error when attempting helm ls