|
Size: 1068
Comment:
|
← Revision 5 as of 2022-03-13 06:51:48 ⇥
Size: 1569
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 11: | Line 11: |
| 1. Can you see the cluster (check correct AWS_Profile) {{{ | 1. You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform) 1. Can you see the cluster (check correct export AWS_PROFILE=) {{{ |
| Line 13: | Line 14: |
| # or if installed $ eksctl get cluster | |
| Line 14: | Line 16: |
| 1. Make sure current role does not work by retrieveing kubectl config {{{ aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" |
1. Make sure current role does not work by retrieving kubectl config {{{ aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole" |
| Line 17: | Line 19: |
| error: You must be logged in to the server (Unauthorized) | |
| Line 19: | Line 20: |
| 1. '''''error: You must be logged in to the server (Unauthorized)''''' * This error indicates that the role you used, is not in system:management, thus not the one that created the cluster. 1. AWS doc for '''Unauthorized or access denied (kubectl)''' * https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#unauthorized |
|
| Line 21: | Line 27: |
| 1. install eksctl https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html | 1. install '''eksctl''' AWStool https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html |
k8s kubernetes on AWS AWSEKS
Terraform example1 https://www.padok.fr/en/blog/aws-eks-cluster-terraform
Terraform example2 https://github.com/hashicorp/terraform-provider-aws/tree/master/examples/eks-getting-started
- 202012 - worked, only changed region and setup aws credentials.
- Creates new VPC and 2 subnets for k8s deployment
- Took 11min for management node to deploy
- Creates new VPC and 2 subnets for k8s deployment
- 202012 - worked, only changed region and setup aws credentials.
aws eks --region <region-code> update-kubeconfig --name <cluster_name>
Recover admin login
- You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform)
Can you see the cluster (check correct export AWS_PROFILE=)
aws eks list-clusters # or if installed $ eksctl get cluster
Make sure current role does not work by retrieving kubectl config
aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole" kubectl get svc
error: You must be logged in to the server (Unauthorized)
- This error indicates that the role you used, is not in system:management, thus not the one that created the cluster.
AWS doc for Unauthorized or access denied (kubectl)
- Have to assume the original admin account/role
- How to find the admin account / role ?
install eksctl AWStool https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html
retrieve accounts
- How to find the admin account / role ?