AWS CodeBuild kubectl apply -f无法识别：未经授权

Question

构建过程失败，并显示以下错误：

[Container] 2019/12/12 08:07:41 Running command kubectl apply -f simple_jwt_api.yml 
unable to recognize "simple_jwt_api.yml": Unauthorized 
unable to recognize "simple_jwt_api.yml": Unauthorized 
[Container] 2019/12/12 08:07:43 Command did not exit successfully kubectl apply -f simple_jwt_api.yml exit status 1 
[Container] 2019/12/12 08:07:43 Phase complete: POST_BUILD State: FAILED 
[Container] 2019/12/12 08:07:43 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: kubectl apply -f simple_jwt_api.yml. Reason: exit status 1 

simple_jwt_api.yml文件： simple_jwt_api.yml

建筑脚本文件： buildspec.yml

构建日志：

[Container] 2019/12/12 08:07:41 Running command kubectl apply -f simple_jwt_api.yml 
unable to recognize "simple_jwt_api.yml": Unauthorized 
unable to recognize "simple_jwt_api.yml": Unauthorized 

[Container] 2019/12/12 08:07:43 Command did not exit successfully kubectl apply -f simple_jwt_api.yml exit status 1 
[Container] 2019/12/12 08:07:43 Phase complete: POST_BUILD State: FAILED 
[Container] 2019/12/12 08:07:43 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: kubectl apply -f simple_jwt_api.yml. Reason: exit status 1 
[Container] 2019/12/12 08:07:43 Expanding base directory path: . 
[Container] 2019/12/12 08:07:43 Assembling file list 
[Container] 2019/12/12 08:07:43 Expanding . 
[Container] 2019/12/12 08:07:43 Expanding file paths for base directory . 
[Container] 2019/12/12 08:07:43 Assembling file list 
[Container] 2019/12/12 08:07:43 Expanding build.json 
[Container] 2019/12/12 08:07:43 Skipping invalid file path build.json 
[Container] 2019/12/12 08:07:43 Phase complete: UPLOAD_ARTIFACTS State: FAILED 
[Container] 2019/12/12 08:07:43 Phase context status code: CLIENT_ERROR Message: no matching artifact paths found 

Answer 1

Buildspec看起来不错，所以我怀疑您的CodeBuild服务角色的ARN（/ service-role /）中有一个“路径”，使用iam身份验证器对EKS进行身份验证时会引起问题。

您可以在另一个可能有用的话题上复习我的答案吗？

• Getting "Unable to recognize \"hello-k8s.yml\": Unauthorized" error when running kubectl apply -f hello-k8s.yml in CodeBuild phase

还请检查“身份验证器” EKS控制平面日志，该日志可能会提供一些有关“未经授权”错误的线索：

• Amazon EKS控制平面日志记录-https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html

Answer 2

我遇到了同样的问题。但是，对我来说，原因是对于文件“ /tmp/aws-auth-patch.yml”

我没有正确添加角色。

第一次，我将其添加到mapUsers而不是mapRoles。

第二，我忘了替换ACCOUNT_ID

第三次，我使用了错误的格式。

• 角色：arn：aws：iam :: ：role / UdacityFlaskDeployCBKubectlRole 用户名：build 组：
  • system：masters

应该是

• 组：
  • system：masters 角色学习：arn：aws：iam :: ：role / UdacityFlaskDeployCBKubectlRole 用户名：build

然后我得到正确的结果。