When I try to run kubectl create secret generic from my pipeline it fails with the error:
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Here is my Github Actions pipeline..
# Sign into AWS
- name: Configure AWS credentials (OIDC)
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_REGION }}
output-credentials: true
# Update Kube config
- name: Update KubeCTL
run: |
aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.CLUSTER_NAME }}
For the remainder of this script I can do things on my cluster e.g.
- name: Test Commands
run: |
kubectl config current-context
kubectl config get-contexts
kubectl auth can-i create secret -n my-app
These all work perfectly with the last command reporting yes that I have permission to create secrets.
However when I try to actually create the secret I get the error above.
My Github deployment role has the AmazonEKSClusterAdminPolicy access policy.
What am I doing incorrectly?
