You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a composition that creates an EKS Cluster with Kind: Cluster, followed by Kind: ClusterAuth where I use writeConnectionSecretToRef to write the secrets to the crossplane-system namespace. Exporting the kubeconfig Secret manually results in the following error when accessing the cluster: error: You must be logged in to the server (Unauthorized).
What happened?
Here is the output of the decoded kubeconfig Secret: https://sts.us-east-1.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&%2F%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=16Z&X-Amz-Expires=&X-Amz-SignedHeaders=host%3Bx-k8s-aws-id&X-Amz-Signature: invalid input
When I visit that URL, I see the following error:
{
"Error": {
"Code": "SignatureDoesNotMatch",
"Message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.",
"Type": "Sender"
},
}
I saw this bug, but see it is closed with an upgrade to 1.3.1 resolving the issue.
Relevant Error Output Snippet
No response
Crossplane Version
1.17.1
Provider Version
1.15.0
Kubernetes Version
1.30.0
Kubernetes Distribution
EKS
Additional Info
No response
The text was updated successfully, but these errors were encountered:
This is resolved - it was a PEBKAC error. I was not tracking that the token was refreshing, so I was unknowingly using expired credentials when attempting to manually authenticated. The CluserAuth works as expected.
Is there an existing issue for this?
Affected Resource(s)
eks.aws.upbound.io/v1beta2
Resource MRs required to reproduce the bug
No response
Steps to Reproduce
I have a composition that creates an EKS Cluster with
Kind: Cluster
, followed byKind: ClusterAuth
where I usewriteConnectionSecretToRef
to write the secrets to thecrossplane-system
namespace. Exporting thekubeconfig
Secret manually results in the following error when accessing the cluster:error: You must be logged in to the server (Unauthorized)
.What happened?
Here is the output of the decoded kubeconfig Secret:
https://sts.us-east-1.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&%2F%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=16Z&X-Amz-Expires=&X-Amz-SignedHeaders=host%3Bx-k8s-aws-id&X-Amz-Signature: invalid input
When I visit that URL, I see the following error:
I saw this bug, but see it is closed with an upgrade to 1.3.1 resolving the issue.
Relevant Error Output Snippet
No response
Crossplane Version
1.17.1
Provider Version
1.15.0
Kubernetes Version
1.30.0
Kubernetes Distribution
EKS
Additional Info
No response
The text was updated successfully, but these errors were encountered: