Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for exec credentials for kubernetes and helm providers #78

Open
Lucasjuv opened this issue Sep 25, 2024 · 1 comment
Open
Labels
enhancement New feature or request

Comments

@Lucasjuv
Copy link

Describe the solution you'd like
I want to be able to use exec credentials with the kubernetes provider.

Describe alternatives you've considered
I have considered installing the cli in the job before the terragrunt action but that didn't work.

Additional context

I get:

Error: Kubernetes cluster unreachable: Get "https://<guid>.gr7.us-east-1.eks.amazonaws.com/version": getting credentials: exec: executable aws not found
│ 
│ It looks like you are trying to use a client-go credential plugin that is not installed.
│ 
│ To learn more about this feature, consult the documentation available at:
│       https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
│ 
│   with helm_release.argocd,
│   on argo.tf line 1, in resource "helm_release" "argocd":
│    1: resource "helm_release" "argocd" {

When I try to use these credentials:

data "aws_eks_cluster" "main" {
  name = var.cluster_name
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.main.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority[0].data)

  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", 
        "--cluster-name", data.aws_eks_cluster.main.name, 
        "--role-arn", var.deployer_iam_role_arn]
  }
}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.main.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.main.certificate_authority[0].data)

    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "aws"
      args        = ["eks", "get-token", 
        "--cluster-name", data.aws_eks_cluster.main.name, 
        "--role-arn", var.deployer_iam_role_arn]
    }
  }
}
@Lucasjuv Lucasjuv added the enhancement New feature or request label Sep 25, 2024
@yhakbar
Copy link

yhakbar commented Dec 20, 2024

The action actually runs as part of a Dockerfile, so it won't have access to anything you install outside of the container it runs.

If you would like to have Terragrunt available in the GitHub Actions runner you are operating in, consider using a tool like mise-action to install Terragrunt directly, along with any other tools you want to use before running Terragrunt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants