Terraform and Helm3: Error: Kubernetes cluster unreachable

Question

So, I'm trying to install a chart with helm3 to kubernetes cluster(EKS). I have a terraform configuration bellow. The actual cluster is active and visible

variable "aws_access_key" {}
variable "aws_secret_key" {}

locals {
  cluster_name = "some-my-cluster"
}

provider "aws" {
  region = "eu-central-1"
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
}


data "aws_eks_cluster" "cluster" {
  name = local.cluster_name
}

data "aws_eks_cluster_auth" "cluster" {
  name = data.aws_eks_cluster.cluster.name
}

output "endpoint" {
  value = data.aws_eks_cluster.cluster.endpoint
}

output "kubeconfig-certificate-authority-data" {
  value = data.aws_eks_cluster.cluster.certificate_authority.0.data
}

output "identity-oidc-issuer" {
  value = "${data.aws_eks_cluster.cluster.identity.0.oidc.0.issuer}"
}

provider "kubernetes" {
  version                = "~>1.10.0"
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
  load_config_file       = false
}

provider "helm" {
  version                = "~>1.0.0"
  debug = true
  alias = "my_helm"

  kubernetes {
    host = data.aws_eks_cluster.cluster.endpoint
    token = data.aws_eks_cluster_auth.cluster.token
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
    load_config_file = false
  }
}

data "helm_repository" "stable" {
  name = "stable"
  url  = "https://kubernetes-charts.storage.googleapis.com"
}

resource "helm_release" "mydatabase" {
  provider  = helm.my_helm
  name  = "mydatabase"
  chart = "stable/mariadb"
  namespace = "default"

  set {
    name  = "mariadbUser"
    value = "foo"
  }

  set {
    name  = "mariadbPassword"
    value = "qux"
  }
}

When I run terraform apply I see an error: Error: Kubernetes cluster unreachable

Any thoughts? Will also appreciate some ideas how to debug the issue - the debug option doesn't work.

Can confirm that it works with newly created cluster.

Answer 1

The solution to this problem has to do with the kubectl provider. The only workaround that I could find that works is to replace the token request with the one I put below

provider "kubernetes" {
    version                = "~>1.10.0"
    host                   = data.aws_eks_cluster.cluster.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
    exec {
        api_version = "client.authentication.k8s.io/v1alpha1"
        args        = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.cluster.name]
        command     = "aws"
     }
     load_config_file       = false
}