尽管我的 User/Role ARN 不是 aws-auth CM 的一部分,但我如何能够访问 EKS 集群?
How i am able to access EKS Cluster, though my User/Role ARN is not part of aws-auth CM?
EKS 新手,正在学习。
我知道可以通过添加到 aws-auth 配置映射来向 IAM Users/Roles 提供访问权限,但是第一次创建集群时,AWS-auth 只有一个条目。
apiVersion: v1
data:
mapRoles: |
- "groups":
- "system:bootstrappers"
- "system:nodes"
"rolearn": "arn:aws:iam::XXXXXXXXXXXXXXX:role/test-eks"
"username": "system:node:{{EC2PrivateDNSName}}"
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
kubeconfig 文件
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: XXXXXXXXXXX
server: https://XXXXXXXXXXXXX.XXX.us-east-1.eks.amazonaws.com
name: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
contexts:
- context:
cluster: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
user: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
name: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
current-context: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
users:
- name: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- --region
- us-east-1
- eks
- get-token
- --cluster-name
- test-eks
command: aws
问题:如何以管理员身份访问集群?我(IAM 用户)在集群中的哪个位置定义了集群管理员访问权限?
请帮助我理解。提前致谢!
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html:
When you create an Amazon EKS cluster, the IAM entity user or role...
is automatically granted system:masters permissions in the cluster's
RBAC configuration in the control plane.
您已经是管理员,因为您是集群的创建者。
EKS 新手,正在学习。 我知道可以通过添加到 aws-auth 配置映射来向 IAM Users/Roles 提供访问权限,但是第一次创建集群时,AWS-auth 只有一个条目。
apiVersion: v1
data:
mapRoles: |
- "groups":
- "system:bootstrappers"
- "system:nodes"
"rolearn": "arn:aws:iam::XXXXXXXXXXXXXXX:role/test-eks"
"username": "system:node:{{EC2PrivateDNSName}}"
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
kubeconfig 文件
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: XXXXXXXXXXX
server: https://XXXXXXXXXXXXX.XXX.us-east-1.eks.amazonaws.com
name: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
contexts:
- context:
cluster: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
user: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
name: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
current-context: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
users:
- name: arn:aws:eks:us-east-1:XXXXXXXXXXXX:cluster/test-eks
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- --region
- us-east-1
- eks
- get-token
- --cluster-name
- test-eks
command: aws
问题:如何以管理员身份访问集群?我(IAM 用户)在集群中的哪个位置定义了集群管理员访问权限? 请帮助我理解。提前致谢!
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html:
When you create an Amazon EKS cluster, the IAM entity user or role... is automatically granted system:masters permissions in the cluster's RBAC configuration in the control plane.
您已经是管理员,因为您是集群的创建者。