Difference between revisions of "Enabling IAM principal access to your cluster"

From wikieduonline
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 32: Line 32:
 
== Activities ==
 
== Activities ==
 
* [[Granting access to an IAM principal to view Kubernetes resources on a cluster]]
 
* [[Granting access to an IAM principal to view Kubernetes resources on a cluster]]
 
+
* [[How do I provide access to other IAM users and roles after cluster creation in Amazon EKS?]]
  
 
== Related ==
 
== Related ==
Line 45: Line 45:
 
* <code>[[kubectl get clusterroles]]</code>
 
* <code>[[kubectl get clusterroles]]</code>
 
* [[ServiceNow Kubernetes discovery]]
 
* [[ServiceNow Kubernetes discovery]]
* [[curl $APISERVER/api --header]] "[[Authorization: Bearer]] $TOKEN" [[--insecure]]
+
* <code>[[curl $APISERVER/api --header]] "[[Authorization: Bearer]] $TOKEN" [[--insecure]]</code>
* [[aws sts get-session-token]]
+
* <code>[[aws sts get-session-token]]</code>
  
 
== See also ==
 
== See also ==
* {{system:}}
 
 
* {{aws-iam-authenticator}}
 
* {{aws-iam-authenticator}}
 
* {{aws-auth}}
 
* {{aws-auth}}

Latest revision as of 11:35, 4 March 2024

system:masters
kubectl describe -n kube-system configmap/aws-auth


apiVersion: v1
data:
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: arn:aws:iam::111122223333:role/my-role
      username: system:node:Template:EC2PrivateDNSName
    - groups:
      - eks-console-dashboard-full-access-group
      rolearn: arn:aws:iam::111122223333:role/my-console-viewer-role
      username: my-console-viewer-role
  mapUsers: |
    - groups:
      - system:masters
      userarn: arn:aws:iam::111122223333:user/admin
      username: admin
    - groups:
      - eks-console-dashboard-restricted-access-group      
      userarn: arn:aws:iam::444455556666:user/my-user
      username: my-user


Activities[edit]

Related[edit]

See also[edit]

Advertising: