Difference between revisions of "Aws-auth configMap"
Jump to navigation
Jump to search
| (35 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
| − | AWS IAM Authenticator for Kubernetes get information from <code>[[aws-auth]]</code> [[ConfigMap]]. | + | [[AWS IAM Authenticator]] for Kubernetes get information from <code>[[aws-auth]]</code> [[ConfigMap]]. |
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html | https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html | ||
| Line 7: | Line 7: | ||
* <code>[[kubectl describe -n kube-system configmap/aws-auth]]</code> | * <code>[[kubectl describe -n kube-system configmap/aws-auth]]</code> | ||
* <code>[[kubectl -n kube-system get configmap aws-auth -o=yaml]]</code> | * <code>[[kubectl -n kube-system get configmap aws-auth -o=yaml]]</code> | ||
| + | |||
| + | == Terraform == | ||
| + | * [[Terraform EKS module]]: <code>[[create_aws_auth_configmap]], [[manage_aws_auth_configmap]]</code> | ||
| + | * [[Terraform resource]]: <code>[[kubernetes_config_map_v1_data]]</code> | ||
| + | |||
| + | == Errors == | ||
| + | * <code>[[The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.]]</code> | ||
| + | * <code>[[Your current user or role does not have access to Kubernetes objects on this EKS cluster]]</code> | ||
| + | * [[Error: Unauthorized]] | ||
| + | |||
| + | == Activities == | ||
| + | * [[Enabling IAM principal access to your cluster]] | ||
== Related == | == Related == | ||
| − | * <code>[[ | + | * <code>[[eksct create iamidentitymapping]]</code> |
| − | |||
* [[EKS single sign-on using AWS SSO]] | * [[EKS single sign-on using AWS SSO]] | ||
| − | * <code>[[ | + | * [[Terraform EKS module]]: <code>[[aws_auth_roles]]</code> |
| + | * [[Amazon EKS authorization]] | ||
| + | * <code>[[eksctl get iamidentitymapping]] --cluster your-eks-cluster</code> | ||
| + | * <code>[[Error: getting auth ConfigMap]]: Unauthorized</code> | ||
| + | * <code>[[kind: ClusterRole]]</code> | ||
| + | * <code>[[HelmRoleArn]]</code> and <code>[[KubernetesRoleArn]]</code> | ||
| + | * <code>[[system:masters]], [[system:serviceaccount:]]</code> | ||
| + | * <code>[[kubernetes_config_map]]</code> | ||
| + | * <code>[[kubectl get configmap -n kube-system]]</code> | ||
| + | * [[service-account-controller]] | ||
| + | * [[kubectl get clusterroles]] | ||
| + | * <code>[[cluster_endpoint_public_access]]</code> | ||
== See also == | == See also == | ||
* {{aws-auth}} | * {{aws-auth}} | ||
| − | * {{ | + | * {{EKS RBAC}} |
* {{Kubernetes Authentication}} | * {{Kubernetes Authentication}} | ||
[[Category:EKS]] | [[Category:EKS]] | ||
Revision as of 11:33, 4 March 2024
AWS IAM Authenticator for Kubernetes get information from aws-auth ConfigMap.
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
Examples
kubectl edit -n kube-system configmap/aws-authkubectl describe -n kube-system configmap/aws-authkubectl -n kube-system get configmap aws-auth -o=yaml
Terraform
- Terraform EKS module:
create_aws_auth_configmap, manage_aws_auth_configmap - Terraform resource:
kubernetes_config_map_v1_data
Errors
The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.Your current user or role does not have access to Kubernetes objects on this EKS cluster- Error: Unauthorized
Activities
Related
eksct create iamidentitymapping- EKS single sign-on using AWS SSO
- Terraform EKS module:
aws_auth_roles - Amazon EKS authorization
eksctl get iamidentitymapping --cluster your-eks-clusterError: getting auth ConfigMap: Unauthorizedkind: ClusterRoleHelmRoleArnandKubernetesRoleArnsystem:masters, system:serviceaccount:kubernetes_config_mapkubectl get configmap -n kube-system- service-account-controller
- kubectl get clusterroles
cluster_endpoint_public_access
See also
- AWS IAM Authenticator for Kubernetes:
aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping,mapUsers:, mapRoles:, mapAccounts: - EKS RBAC, Amazon EKS authentication, Amazon EKS authorization,
aws eks get-token, aws-auth ConfigMap, aws-iam-authenticator, eksctl create iamidentitymapping, eksctl get iamidentitymapping, eks:AccessKubernetesApi, eks-connector, K8s Cluster roles,AmazonEKSAdminPolicy,AmazonEKSClusterAdminPolicy - Kubernetes Authentication,
kubectl create serviceaccount, kubectl get serviceaccounts, CertificateSigningRequest, aws-auth, bearer tokens, EKS Authentication
Advertising:
