Differences between revisions 2 and 5 (spanning 3 versions)
Revision 2 as of 2020-12-20 02:21:20
Size: 482
Editor: PieterSmit
Comment:
Revision 5 as of 2022-03-13 06:51:48
Size: 1569
Editor: PieterSmit
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Describe k8s/AwsEks here. = k8s kubernetes on AWS AWSEKS =
Line 8: Line 8:


== Recover admin login ==
 1. You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform)
 1. Can you see the cluster (check correct export AWS_PROFILE=) {{{
aws eks list-clusters
# or if installed $ eksctl get cluster
}}}
 1. Make sure current role does not work by retrieving kubectl config {{{
aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole"
kubectl get svc
}}}
 1. '''''error: You must be logged in to the server (Unauthorized)'''''
   * This error indicates that the role you used, is not in system:management, thus not the one that created the cluster.

 1. AWS doc for '''Unauthorized or access denied (kubectl)'''
    * https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#unauthorized
 1. Have to assume the original admin account/role
    * How to find the admin account / role ?
      1. install '''eksctl''' AWStool https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html
      2. retrieve accounts {{{


}}}

k8s kubernetes on AWS AWSEKS

Recover admin login

  1. You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform)
  2. Can you see the cluster (check correct export AWS_PROFILE=)

    aws eks list-clusters
    # or if installed $ eksctl get cluster
  3. Make sure current role does not work by retrieving kubectl config

    aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole"
    kubectl get svc
  4. error: You must be logged in to the server (Unauthorized)

    • This error indicates that the role you used, is not in system:management, thus not the one that created the cluster.
  5. AWS doc for Unauthorized or access denied (kubectl)

  6. Have to assume the original admin account/role

k8s/AwsEks (last edited 2022-03-13 06:51:48 by PieterSmit)