Revision 5 as of 2022-03-13 06:51:48
k8s kubernetes on AWS AWSEKS
Terraform example1 https://www.padok.fr/en/blog/aws-eks-cluster-terraform
Terraform example2 https://github.com/hashicorp/terraform-provider-aws/tree/master/examples/eks-getting-started
- 202012 - worked, only changed region and set up AWS credentials.
- Creates new VPC and 2 subnets for k8s deployment
- Took 11min for management node to deploy
aws eks --region <region-code> update-kubeconfig --name <cluster_name>
Recover admin login
1. You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform.)
2. Check that you can see the cluster (make sure the correct profile is selected with export AWS_PROFILE=):

    aws eks list-clusters
    # or, if installed
    eksctl get cluster

3. Confirm that the current role does not work by retrieving the kubectl config and querying the cluster:

    aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole"
    kubectl get svc

4. error: You must be logged in to the server (Unauthorized)
   - This error indicates that the role you used is not in system:management, and thus is not the one that created the cluster.
5. AWS doc for Unauthorized or access denied (kubectl)
   - https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#unauthorized
6. Have to assume the original admin account/role
   - How to find the admin account / role?
     1. Install eksctl (AWS tool): https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html
     2. Retrieve accounts
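The check from steps 3 and 4, repeated over several candidate roles, as an added example that is not part of the original wiki page. Each role is tried through a throwaway kubeconfig so the existing ~/.kube/config is not overwritten. The function names and the idea of passing a list of candidate role ARNs are assumptions; the region, cluster name and role ARN in the usage comment are the page's placeholders.

```bash
# probe_role REGION CLUSTER ROLE_ARN
# Prints one word: ok, unauthorized, or error.
probe_role() {
  local region="$1" cluster="$2" role="$3" cfg out
  cfg=$(mktemp) || { echo error; return 0; }
  # --kubeconfig writes to the temp file instead of ~/.kube/config.
  if ! aws eks update-kubeconfig --region "$region" --name "$cluster" \
       --role-arn "$role" --kubeconfig "$cfg" >/dev/null 2>&1; then
    rm -f "$cfg"; echo error; return 0
  fi
  # The role is only assumed when kubectl actually talks to the cluster.
  if out=$(kubectl --kubeconfig "$cfg" get svc 2>&1); then
    echo ok
  elif printf '%s\n' "$out" | grep -q 'Unauthorized'; then
    echo unauthorized   # the error quoted in step 4
  else
    echo error          # e.g. the role cannot be assumed, or no network
  fi
  rm -f "$cfg"
}

# find_admin_role REGION CLUSTER ROLE_ARN...
# Logs one status line per role to stderr and prints the first role the
# API server accepts to stdout. Returns 1 if no candidate works.
find_admin_role() {
  local region="$1" cluster="$2" role result
  shift 2
  for role in "$@"; do
    result=$(probe_role "$region" "$cluster" "$role")
    printf '%-13s %s\n' "$result" "$role" >&2
    if [ "$result" = ok ]; then
      echo "$role"
      return 0
    fi
  done
  return 1
}

# Usage (candidate ARNs taken from your Terraform or IAM console):
#   export AWS_PROFILE=...
#   find_admin_role ap-southeast-2 eks-cluster-name \
#     "arn:aws:iam::123456789:role/myk8srole" "arn:aws:iam::123456789:role/<other-role>"
```

A role reported as ok is one the cluster accepts for `kubectl get svc`; confirm it is the creator role before relying on it for admin changes.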