{"id":6366,"date":"2019-08-20T03:43:16","date_gmt":"2019-08-20T03:43:16","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=6366"},"modified":"2019-11-30T06:23:56","modified_gmt":"2019-11-30T06:23:56","slug":"eks-cluster-setup-error-the-server-doesnt-have-a-resource-type-services","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/eks-cluster-setup-error-the-server-doesnt-have-a-resource-type-services\/","title":{"rendered":"EKS cluster setup error: the server doesn&#8217;t have a resource type &#8220;services"},"content":{"rendered":"<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">&#91;root@ip<span class=\"hljs-number\">-172<\/span><span class=\"hljs-number\">-31<\/span><span class=\"hljs-number\">-26<\/span><span class=\"hljs-number\">-102<\/span> ~]<span class=\"hljs-comment\"># kubectl cluster-info<\/span>\nTo further debug <span class=\"hljs-keyword\">and<\/span> diagnose cluster problems, <span class=\"hljs-keyword\">use<\/span> '<span class=\"hljs-title\">kubectl<\/span> <span class=\"hljs-title\">cluster<\/span>-<span class=\"hljs-title\">info<\/span> <span class=\"hljs-title\">dump<\/span>'.\n<span class=\"hljs-title\">error<\/span>: <span class=\"hljs-title\">the<\/span> <span class=\"hljs-title\">server<\/span> <span class=\"hljs-title\">doesn<\/span>'<span class=\"hljs-title\">t<\/span> <span class=\"hljs-title\">have<\/span> <span class=\"hljs-title\">a<\/span> <span class=\"hljs-title\">resource<\/span> <span class=\"hljs-title\">type<\/span> \"<span class=\"hljs-title\">services<\/span>\"\n&#91;<span class=\"hljs-title\">root<\/span>@<span class=\"hljs-title\">ip<\/span>-172-31-26-102 ~]# <span class=\"hljs-title\">kubectl<\/span> <span class=\"hljs-title\">get<\/span> <span class=\"hljs-title\">svc<\/span>\n<span class=\"hljs-title\">error<\/span>: <span class=\"hljs-title\">the<\/span> <span class=\"hljs-title\">server<\/span> <span class=\"hljs-title\">doesn<\/span>'<span class=\"hljs-title\">t<\/span> <span class=\"hljs-title\">have<\/span> <span class=\"hljs-title\">a<\/span> <span class=\"hljs-title\">resource<\/span> <span class=\"hljs-title\">type<\/span> \"<span class=\"hljs-title\">svc<\/span>\"\n&#91;<span class=\"hljs-title\">root<\/span>@<span class=\"hljs-title\">ip<\/span>-172-31-26-102 ~]# <span class=\"hljs-title\">kubectl<\/span> <span class=\"hljs-title\">get<\/span> <span class=\"hljs-title\">deploy<\/span>\n<span class=\"hljs-title\">error<\/span>: <span class=\"hljs-title\">the<\/span> <span class=\"hljs-title\">server<\/span> <span class=\"hljs-title\">doesn<\/span>'<span class=\"hljs-title\">t<\/span> <span class=\"hljs-title\">have<\/span> <span class=\"hljs-title\">a<\/span> <span class=\"hljs-title\">resource<\/span> <span class=\"hljs-title\">type<\/span> \"<span class=\"hljs-title\">deploy<\/span>\"\n&#91;<span class=\"hljs-title\">root<\/span>@<span class=\"hljs-title\">ip<\/span>-172-31-26-102 ~]# <span class=\"hljs-title\">kubectl<\/span> <span class=\"hljs-title\">get<\/span> <span class=\"hljs-title\">nodes<\/span>\n<span class=\"hljs-title\">error<\/span>: <span class=\"hljs-title\">the<\/span> <span class=\"hljs-title\">server<\/span> <span class=\"hljs-title\">doesn<\/span>'<span class=\"hljs-title\">t<\/span> <span class=\"hljs-title\">have<\/span> <span class=\"hljs-title\">a<\/span> <span class=\"hljs-title\">resource<\/span> <span class=\"hljs-title\">type<\/span> \"<span class=\"hljs-title\">nodes<\/span>\"<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<ul class=\"wp-block-list\"><li>When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster is added to the Kubernetes RBAC authorization table as the administrator (with system:master permissions. <\/li><li>Initially, only that IAM user can make calls to the Kubernetes API server using kubectl.<\/li><li>If you use the console to create the cluster, you must ensure that the same IAM user credentials are in the AWS SDK credential chain when you are running kubectl commands on your cluster. <\/li><li>When you create an Amazon EKS cluster, the IAM entity user or role, such as a federated user that creates the cluster, is automatically granted system:masters permissions in the cluster&#8217;s RBAC configuration.<\/li><\/ul>\n\n\n\n<p>To grant additional AWS users or roles the ability to interact with your cluster, you must edit the aws-auth ConfigMap within Kubernetes.<\/p>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">$ kubectl describe configmap -n kube-system aws-auth\n$ kubectl edit -n kube-system configmap\/aws-auth<\/code><\/span><\/pre>\n\n\n<ul class=\"wp-block-list\"><li><strong>To add an IAM user:<\/strong>&nbsp;add the user details to the&nbsp;<code>mapUsers<\/code>&nbsp;section of the ConfigMap, under&nbsp;<code>data<\/code>. Add this section if it does not already exist in the file. Each entry supports the following parameters:<ul><li><strong>userarn<\/strong>: The ARN of the IAM user to add.<\/li><li><strong>username<\/strong>: The user name within Kubernetes to map to the IAM user. By default, the user name is the ARN of the IAM user.<\/li><li><strong>groups<\/strong>: A list of groups within Kubernetes to which the user is mapped to. For more information, see&nbsp;<a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/rbac\/#default-roles-and-role-bindings\" target=\"_blank\" rel=\"noreferrer noopener\">Default Roles and Role Bindings<\/a>&nbsp;in the Kubernetes documentation.<\/li><\/ul><\/li><li><strong>To add an IAM role (for example, for&nbsp;<a href=\"https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/id_roles_providers.html\" target=\"_blank\" rel=\"noopener\">federated users<\/a>):<\/strong>&nbsp;add the role details to the<code>mapRoles<\/code>&nbsp;section of the ConfigMap, under&nbsp;<code>data<\/code>. Add this section if it does not already exist in the file. Each entry supports the following parameters:<ul><li><strong>rolearn<\/strong>: The ARN of the IAM role to add.<\/li><li><strong>username<\/strong>: The user name within Kubernetes to map to the IAM role. By default, the user name is the ARN of the IAM role.<\/li><li><strong>groups<\/strong>: A list of groups within Kubernetes to which the role is mapped. For more information, see&nbsp;<a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/rbac\/#default-roles-and-role-bindings\" target=\"_blank\" rel=\"noreferrer noopener\">Default Roles and Role Bindings<\/a>&nbsp;in the Kubernetes documentation.<\/li><\/ul><\/li><\/ul>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># Please edit the object below. Lines beginning with a '#' will be ignored,<\/span>\n<span class=\"hljs-comment\"># and an empty file will abort the edit. If an error occurs while saving this file will be<\/span>\n<span class=\"hljs-comment\"># reopened with the relevant failures.<\/span>\n<span class=\"hljs-comment\">#<\/span>\napiVersion: v1\ndata:\n  mapRoles: |\n    - rolearn: arn:aws:iam::<span class=\"hljs-number\">555555555555<\/span>:role\/devel-worker-nodes-NodeInstanceRole<span class=\"hljs-number\">-74<\/span>RF4UBDUKL6\n      username: system:node:{{EC2PrivateDNSName}}\n      groups:\n        - system:bootstrappers\n        - system:nodes\n  mapUsers: |\n    - userarn: arn:aws:iam::<span class=\"hljs-number\">555555555555<\/span>:user\/admin\n      username: admin\n      groups:\n        - system:masters\n    - userarn: arn:aws:iam::<span class=\"hljs-number\">111122223333<\/span>:user\/ops-user\n      username: ops-user\n      groups:\n        - system:masters<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>","protected":false},"excerpt":{"rendered":"<p>When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster is added to the Kubernetes RBAC authorization table as the administrator (with system:master permissions. Initially, only that IAM user can make calls to the Kubernetes API server using kubectl. If you use the console to create the cluster,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":7899,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[4859],"tags":[5563,5459,5449,258,399,229],"class_list":["post-6366","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kubernetes","tag-amazoneks","tag-cluster","tag-devopsschool","tag-error","tag-server","tag-services"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=6366"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6366\/revisions"}],"predecessor-version":[{"id":6367,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6366\/revisions\/6367"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media\/7899"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=6366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=6366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=6366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}