Difference between revisions of "Aws-auth configMap"
Jump to navigation
Jump to search
(20 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
− | AWS IAM Authenticator for Kubernetes get information from <code>[[aws-auth]]</code> [[ConfigMap]]. | + | [[AWS IAM Authenticator]] for Kubernetes get information from <code>[[aws-auth]]</code> [[ConfigMap]]. |
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html | https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html | ||
Line 7: | Line 7: | ||
* <code>[[kubectl describe -n kube-system configmap/aws-auth]]</code> | * <code>[[kubectl describe -n kube-system configmap/aws-auth]]</code> | ||
* <code>[[kubectl -n kube-system get configmap aws-auth -o=yaml]]</code> | * <code>[[kubectl -n kube-system get configmap aws-auth -o=yaml]]</code> | ||
+ | |||
+ | == Terraform == | ||
+ | * [[Terraform EKS module]]: <code>[[create_aws_auth_configmap]], [[manage_aws_auth_configmap]]</code> | ||
+ | * [[Terraform resource]]: <code>[[kubernetes_config_map_v1_data]]</code> | ||
+ | |||
+ | == Errors == | ||
+ | * <code>[[The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.]]</code> | ||
+ | * <code>[[Your current user or role does not have access to Kubernetes objects on this EKS cluster]]</code> | ||
+ | * [[Error: Unauthorized]] | ||
+ | |||
+ | == Activities == | ||
+ | * [[Enabling IAM principal access to your cluster]] | ||
== Related == | == Related == | ||
* <code>[[eksct create iamidentitymapping]]</code> | * <code>[[eksct create iamidentitymapping]]</code> | ||
− | |||
* [[EKS single sign-on using AWS SSO]] | * [[EKS single sign-on using AWS SSO]] | ||
− | * | + | * [[Terraform EKS module]]: <code>[[aws_auth_roles]]</code> |
− | |||
* [[Amazon EKS authorization]] | * [[Amazon EKS authorization]] | ||
− | * <code>eksctl get iamidentitymapping --cluster your-eks-cluster</code> | + | * <code>[[eksctl get iamidentitymapping]] --cluster your-eks-cluster</code> |
* <code>[[Error: getting auth ConfigMap]]: Unauthorized</code> | * <code>[[Error: getting auth ConfigMap]]: Unauthorized</code> | ||
* <code>[[kind: ClusterRole]]</code> | * <code>[[kind: ClusterRole]]</code> | ||
* <code>[[HelmRoleArn]]</code> and <code>[[KubernetesRoleArn]]</code> | * <code>[[HelmRoleArn]]</code> and <code>[[KubernetesRoleArn]]</code> | ||
* <code>[[system:masters]], [[system:serviceaccount:]]</code> | * <code>[[system:masters]], [[system:serviceaccount:]]</code> | ||
+ | * <code>[[kubernetes_config_map]]</code> | ||
+ | * <code>[[kubectl get configmap -n kube-system]]</code> | ||
+ | * <code>[[service-account-controller]]</code> | ||
+ | * <code>[[kubectl get clusterroles]]</code> | ||
+ | * <code>[[cluster_endpoint_public_access]]</code> | ||
== See also == | == See also == | ||
* {{aws-auth}} | * {{aws-auth}} | ||
* {{EKS RBAC}} | * {{EKS RBAC}} | ||
+ | * {{Kubernetes Authentication}} | ||
[[Category:EKS]] | [[Category:EKS]] |
Latest revision as of 08:56, 11 July 2024
AWS IAM Authenticator for Kubernetes get information from aws-auth
ConfigMap.
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
Examples[edit]
kubectl edit -n kube-system configmap/aws-auth
kubectl describe -n kube-system configmap/aws-auth
kubectl -n kube-system get configmap aws-auth -o=yaml
Terraform[edit]
- Terraform EKS module:
create_aws_auth_configmap, manage_aws_auth_configmap
- Terraform resource:
kubernetes_config_map_v1_data
Errors[edit]
The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.
Your current user or role does not have access to Kubernetes objects on this EKS cluster
- Error: Unauthorized
Activities[edit]
Related[edit]
eksct create iamidentitymapping
- EKS single sign-on using AWS SSO
- Terraform EKS module:
aws_auth_roles
- Amazon EKS authorization
eksctl get iamidentitymapping --cluster your-eks-cluster
Error: getting auth ConfigMap: Unauthorized
kind: ClusterRole
HelmRoleArn
andKubernetesRoleArn
system:masters, system:serviceaccount:
kubernetes_config_map
kubectl get configmap -n kube-system
service-account-controller
kubectl get clusterroles
cluster_endpoint_public_access
See also[edit]
- AWS IAM Authenticator for Kubernetes:
aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping
,mapUsers:, mapRoles:, mapAccounts:
- EKS RBAC, Amazon EKS authentication, Amazon EKS authorization,
aws eks get-token, aws-auth ConfigMap, aws-iam-authenticator, eksctl create iamidentitymapping, eksctl get iamidentitymapping, eks:AccessKubernetesApi, eks-connector
, K8s Cluster roles,AmazonEKSAdminPolicy
,AmazonEKSClusterAdminPolicy
- Kubernetes Authentication,
kubectl create serviceaccount, kubectl get serviceaccounts, CertificateSigningRequest, aws-auth
, bearer tokens, EKS Authentication
Advertising: