Difference between revisions of "Enabling IAM principal access to your cluster"

From wikieduonline
 
(11 intermediate revisions by the same user not shown)
Line 5: Line 5:
  
 
  [[kubectl describe -n kube-system configmap/aws-auth]]
 
  [[kubectl describe -n kube-system configmap/aws-auth]]
 +
 +
 +
apiVersion: v1
 +
data:
 +
  [[mapRoles:]] |
 +
    - groups:
 +
      - system:bootstrappers
 +
      - system:nodes
 +
      rolearn: arn:aws:iam::111122223333:role/my-role
 +
      username: system:node:{{EC2PrivateDNSName}}
 +
    - groups:
 +
      - eks-console-dashboard-full-access-group
 +
      rolearn: arn:aws:iam::111122223333:role/my-console-viewer-role
 +
      username: my-console-viewer-role
 +
  [[mapUsers:]] |
 +
    - groups:
 +
      - [[system:masters]]
 +
      userarn: arn:aws:iam::111122223333:user/admin
 +
      username: admin
 +
    - groups:
 +
      - eks-console-dashboard-restricted-access-group     
 +
      userarn: arn:aws:iam::444455556666:user/my-user
 +
      username: my-user
  
  
 
== Activities ==
 
== Activities ==
 
* [[Granting access to an IAM principal to view Kubernetes resources on a cluster]]
 
* [[Granting access to an IAM principal to view Kubernetes resources on a cluster]]
 
+
* [[How do I provide access to other IAM users and roles after cluster creation in Amazon EKS?]]
  
 
== Related ==
 
== Related ==
* [[aws-iam-authenticator add]]
+
* <code>[[aws-iam-authenticator add]]</code>
 
* [[K8s Cluster roles]]: <code>[[cluster-admin]], [[admin]], [[edit]], [[Kubernetes view role|view]]</code>
 
* [[K8s Cluster roles]]: <code>[[cluster-admin]], [[admin]], [[edit]], [[Kubernetes view role|view]]</code>
 
* [[AWS IAM Authenticator for Kubernetes]] configured in [[aws-auth ConfigMap]]
 
* [[AWS IAM Authenticator for Kubernetes]] configured in [[aws-auth ConfigMap]]
* [[kubectl get roles -A]]
+
* <code>[[kubectl get roles -A]]</code>
* [[kubectl get clusterroles]]
+
* <code>[[kubectl get clusterroles]]</code>
* [[kubectl get rolebindings -A]]
+
* <code>[[kubectl get rolebindings -A]]</code>
* [[kubectl describe role]] your-role-name -n kube-system
+
* <code>[[kubectl describe role]] your-role-name -n kube-system</code>
 
* [[AWS IAM principal]]
 
* [[AWS IAM principal]]
* [[kubectl get clusterroles]]
+
* <code>[[kubectl get clusterroles]]</code>
 
* [[ServiceNow Kubernetes discovery]]
 
* [[ServiceNow Kubernetes discovery]]
 +
* <code>[[curl $APISERVER/api --header]] "[[Authorization: Bearer]] $TOKEN" [[--insecure]]</code>
 +
* <code>[[aws sts get-session-token]]</code>
  
 
== See also ==
 
== See also ==
* {{system:}}
 
 
* {{aws-iam-authenticator}}
 
* {{aws-iam-authenticator}}
 
* {{aws-auth}}
 
* {{aws-auth}}
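
Review bot: the added line `username: system:node:{{EC2PrivateDNSName}}` in the mapRoles block is parsed by MediaWiki as a template call, so the latest revision renders it as `system:node:Template:EC2PrivateDNSName` instead of the literal placeholder. Wrap the braces in `<nowiki>` so readers copy a valid username value. In the same added block, the mapUsers sample binds `user/admin` to `system:masters`, which gives that IAM user unrestricted cluster access that RBAC cannot narrow; a one-line note saying so, or a sample that maps to a scoped group, would be safer to copy. The new `curl $APISERVER/api ... --insecure` entry under Related also skips TLS certificate verification and should be marked as such.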

Latest revision as of 11:35, 4 March 2024

system:masters
kubectl describe -n kube-system configmap/aws-auth


apiVersion: v1
data:
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: arn:aws:iam::111122223333:role/my-role
      username: system:node:{{EC2PrivateDNSName}}
    - groups:
      - eks-console-dashboard-full-access-group
      rolearn: arn:aws:iam::111122223333:role/my-console-viewer-role
      username: my-console-viewer-role
  mapUsers: |
    - groups:
      - system:masters
      userarn: arn:aws:iam::111122223333:user/admin
      username: admin
    - groups:
      - eks-console-dashboard-restricted-access-group      
      userarn: arn:aws:iam::444455556666:user/my-user
      username: my-user


Activities

Related

See also