Difference between revisions of "Enabling IAM principal access to your cluster"
Jump to navigation
Jump to search
| Line 9: | Line 9: | ||
apiVersion: v1 | apiVersion: v1 | ||
data: | data: | ||
| − | mapRoles: | | + | [[mapRoles:]] | |
- groups: | - groups: | ||
- system:bootstrappers | - system:bootstrappers | ||
| Line 19: | Line 19: | ||
rolearn: arn:aws:iam::111122223333:role/my-console-viewer-role | rolearn: arn:aws:iam::111122223333:role/my-console-viewer-role | ||
username: my-console-viewer-role | username: my-console-viewer-role | ||
| − | mapUsers: | | + | [[mapUsers:]] | |
- groups: | - groups: | ||
- [[system:masters]] | - [[system:masters]] | ||
Revision as of 21:58, 23 October 2023
system:masters
kubectl describe -n kube-system configmap/aws-auth
apiVersion: v1 data: mapRoles: | - groups: - system:bootstrappers - system:nodes rolearn: arn:aws:iam::111122223333:role/my-role username: system:node:Template:EC2PrivateDNSName - groups: - eks-console-dashboard-full-access-group rolearn: arn:aws:iam::111122223333:role/my-console-viewer-role username: my-console-viewer-role mapUsers: | - groups: - system:masters userarn: arn:aws:iam::111122223333:user/admin username: admin - groups: - eks-console-dashboard-restricted-access-group userarn: arn:aws:iam::444455556666:user/my-user username: my-user
Activities
Related
aws-iam-authenticator add- K8s Cluster roles:
cluster-admin, admin, edit, view - AWS IAM Authenticator for Kubernetes configured in aws-auth ConfigMap
kubectl get roles -Akubectl get clusterroleskubectl get rolebindings -Akubectl describe role your-role-name -n kube-system- AWS IAM principal
kubectl get clusterroles- ServiceNow Kubernetes discovery
See also
system:, system:masters, system:controller:, system:anonymous, system:serviceaccount:, system:serviceaccounts:, system:bootstrappers, system:node, system:nodes,kubectl get clusterroles- AWS IAM Authenticator for Kubernetes:
aws-iam-authenticator: [token | verify | add | init | server | version | --help],configmap/aws-auth,AmazonEKSAdminPolicy,AmazonEKSClusterAdminPolicy - AWS IAM Authenticator for Kubernetes:
aws-auth, kubectl edit -n kube-system configmap/aws-auth, eksctl create iamidentitymapping,mapUsers:, mapRoles:, mapAccounts: - Kubernetes RBAC
kubectl auth, kubectl auth can-i, kubectl auth reconcilekubectl create [ role | clusterrole | clusterrolebinding|rolebinding | serviceaccount ], groups:, Kubernetes RBAC good practices,kube2iam, K8s Cluster roles,rbac.authorization.k8s.io,system:
Advertising:
