k8s kubernetes on AWS AWSEKS

• Terraform example1 https://www.padok.fr/en/blog/aws-eks-cluster-terraform

• Terraform example2 https://github.com/hashicorp/terraform-provider-aws/tree/master/examples/eks-getting-started

  • 202012 - worked, only changed region and setup aws credentials.
    • Creates new VPC and 2 subnets for k8s deployment
      • Took 11min for management node to deploy

• aws eks --region <region-code> update-kubeconfig --name <cluster_name>

Recover admin login

1. You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform)

2. Can you see the cluster (check correct export AWS_PROFILE=)

   aws eks list-clusters
   # or if installed $ eksctl get cluster

3. Make sure current role does not work by retrieving kubectl config

   aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole"
   kubectl get svc

4. error: You must be logged in to the server (Unauthorized)

   • This error indicates that the role you used, is not in system:management, thus not the one that created the cluster.

5. AWS doc for Unauthorized or access denied (kubectl)

   • https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#unauthorized

6. Have to assume the original admin account/role
   • How to find the admin account / role ?

     1. install eksctl AWStool https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html

     2. retrieve accounts