Terraform-provider-helm: Provider errors during plan when k8s token is provided claiming username was also provided

Created on 31 Jan 2019  路  12Comments  路  Source: hashicorp/terraform-provider-helm

Terraform Version

v0.11.1

Affected Resource(s)

  • helm provider

Terraform Configuration Files

provider "helm" {

    version = "~> 0.7.0"

    //debug = true

    install_tiller = false
    service_account = "tiller"
    namespace = "${local.namespace}"

    kubernetes {
      host                              = "${var.eks_endpoint}"
      cluster_ca_certificate  = "${base64decode(var.eks_ca_data)}"
      token                            = "${data.external.aws-iam-authenticator.result.token}"
    }
}

Debug Output

Error: Error refreshing state: 1 error(s) occurred:

* provider.helm: failed to configure kubernetes config: username/password or bearer token may be set, but not both

Panic Output

none

Expected Behavior

It should have used the provided token and completed the plan with success.

Actual Behavior

It acts like username and password along with token were provided.

Steps to Reproduce

  1. terraform plan

Important Factoids

Running on AWS EKS.

References

Most helpful comment

Adding load_config_file = false helped, thanks to @gordonbondon

All 12 comments

I'm running into this as well.

Same issue with provider version 0.10.0

I've submitted a PR with a partial fix, but this also requires #304 to be merged so load_config_file = false is actually correctly detected.

Closing this. Feel free to reopen if the #307 doesn't fix it.

terraform version 0.12.12
helm provider version 0.10.4

The problem appeared, earlier with 0.10.2 version of helm-provider it doesn't exist.

P.S. The issue appears while working with Atlantis, on my local MacOS everything fine with 0.10.4

@rporres should I open a new ticket or you will re-open this one?

@vliubko what's your provider config? are you getting the same username/password or bearer token may be set error?

We've been running with two of these fixes for some time both locally and in Atlantis, and it worked fine for us.

@gordonbondon
1) Yes, error is the same. failed to configure kubernetes config: username/password or bearer token may be set, but not both
2) config:

provider "helm" {
  version         = "0.10.4"
  tiller_image    = "gcr.io/kubernetes-helm/tiller:v2.14.0"
  service_account = var.service_account
  kubernetes {
    host = var.gke_cluster.primary_endpoint
    cluster_ca_certificate = var.gke_ca_certificate
    username = var.username
    password = var.password
  }
}

Adding load_config_file = false helped, thanks to @gordonbondon

Facing similar issue with:
terraform version = 0.12.15

and

provider "kubernetes" {
version = "1.10"
host = module.gke.gke_cluster_endpoint
username = module.gke.gke_cluster_user
password = module.gke.gke_cluster_password
client_certificate = base64decode(module.gke.gke_cluster_client_certificate)
client_key = base64decode(module.gke.gke_cluster_client_key)
cluster_ca_certificate = base64decode(module.gke.gke_cluster_ca_certificate)
load_config_file = false
}

Error: Failed to configure: username/password or bearer token may be set, but not both
on provider.tf line 18, in provider "kubernetes":
provider "kubernetes"

@avish1990 this is a known issue in kubernetes provider, not related to helm provider. You can see discussion and some workarounds here https://github.com/terraform-providers/terraform-provider-kubernetes/issues/679 ,

@gordonbondon Thanks! This workaround - https://github.com/terraform-providers/terraform-provider-kubernetes/issues/679#issuecomment-552119320 worked for me.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

obeyler picture obeyler  路  16Comments

btai24 picture btai24  路  11Comments

ukphillips picture ukphillips  路  12Comments

kim0 picture kim0  路  12Comments

dangarthwaite picture dangarthwaite  路  19Comments