EKS Teleport Authentication

I have hosted teleport EKS proxy instance and from local machine i can able to authenticate against teleport proxy and my kubeconfig file also updated, even though i am not able execute kubectl command

ERROR: error: You must be logged in to the server (the server has asked for the client to provide credentials)

please help me on this

kubeconfig

apiVersion: v1
clusters:

  • cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://eks-bastion.server.com:3026
    name: us-east-1
    contexts:
  • context:
    cluster: us-east-1
    user: us-east-1
    name: us-east-1
    current-context: us-east-1
    kind: Config
    preferences: {}
    users:
  • name: us-east-1
    user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

DEBUG Message from EKS proxy:
DEBU [AUTH] ClientCertPool -> cert(us-east-1 issued by us-east-1:185465747653654656545486476458764876433) auth/middleware.go:389
DEBU [AUTH] ClientCertPool -> cert(us-east-1 issued by us-east-1:323753654656545486476458764876433758657) auth/middleware.go:389
DEBU [PROXY:KUB] Requesting new creds for user: vijay, users: map[vijay:{}], groups: map[k8s-admin@group:{} system:authenticated:{}], cluster: us-east-1. proxy/forwarder.go:952
DEBU [PROXY:KUB] Created new session for user: vijay, users: map[vijay:{}], groups: map[k8s-admin@group:{} system:authenticated:{}], cluster: us-east-1. proxy/forwarder.go:1039
DEBU [PROXY:SER] Dialing from: “15.48.114.252:55745” to: “F85EF1D36E5jkdbefnbrjJGVVY9EACA49A.gr7.us-east-1.eks.amazonaws.com:443”. trace.fields:map[cluster:us-east-1] reversetunnel/localsite.go:183
DEBU [HTTP:PROX] No valid environment variables found. proxy/proxy.go:222
DEBU [HTTP:PROX] No proxy set in environment, returning direct dialer. proxy/proxy.go:137
DEBU [PROXY:KUB] Releasing associated resources - context has been closed. srv/monitor.go:188

Are you running Teleport inside a Kubernetes pod inside the EKS cluster, or are you providing a kubeconfig file from outside via kubeconfig_file?

I have hosted proxy instance outside the cluster

How did you generate the kubeconfig file that you provided to Teleport? Did you use a script like https://github.com/gravitational/teleport/blob/master/examples/k8s-auth/get-kubeconfig.sh?

Using the AWS-provided kubeconfig that you get on your local machine after running something like aws eks update-kubeconfig won’t work.