Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

provider overrides provided token if running inside a pod #787

Closed
mrferos opened this issue Mar 4, 2020 · 4 comments
Closed

provider overrides provided token if running inside a pod #787

mrferos opened this issue Mar 4, 2020 · 4 comments

Comments

@mrferos
Copy link

mrferos commented Mar 4, 2020

Terraform Version

0.12.13

Affected Resource(s)

  • kubernetes_config_map ( really it was anything that was using the provider )

Terraform Configuration Files

data "aws_eks_cluster_auth" "sentinel" {
  name = module.eks-sentinel.cluster_id
}

provider "kubernetes" {
  alias = "sentinel"
  host = data.aws_eks_cluster.sentinel.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.sentinel.certificate_authority.0.data)
  token = data.aws_eks_cluster_auth.sentinel.token
  load_config_file = false
  version = "1.10"
}

Debug Output

https://gist.github.com/mrferos/610ed1ccea8d0e2845966dd9291eff62

Panic Output

N/A

Expected Behavior

I would expect for the provided token to be used

Actual Behavior

Because this was running inside a kubernetes pod KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT were defined, the provided token was ignored and it picked up the service account token in the pod.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Provide a token manually
  2. Run terraform inside a k8s pod

Important Factoids

  1. I am running this inside an EKS-managed cluster
  2. k8s provider 1.10
  3. terraform 1.12.13
  4. I haven't tested this against 1.11 because the EKS module was broken against 1.11 some days ago.

My quick workout was just to prepend KUBERNETES_SERVICE_HOST="" KUBERNETES_SERVICE_PORT="" to terraform apply and terraform plan

References

N/A
@pdecat
Copy link
Contributor

pdecat commented Mar 5, 2020

Hi, this is fixed since the v1.11.0 release. Get v1.11.1 though, it's better.

@pdecat
Copy link
Contributor

pdecat commented Mar 5, 2020

See "Refactor client config initialization and fix in-cluster config" (#679) (#497)

@mrferos
Copy link
Author

mrferos commented Mar 5, 2020

Hi, this is fixed since the v1.11.0 release. Get v1.11.1 though, it's better.

Ah, okay, will try. Thanks! Closing issue.

@mrferos mrferos closed this as completed Mar 5, 2020
This was referenced Mar 11, 2020
Closed
Merged
@ghost
Copy link

ghost commented Apr 21, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mrferos @pdecat