← Revision 5 as of 2022-03-13 06:51:48 ⇥
Deletions are marked like this. | Additions are marked like this. |
Line 11: | Line 11: |
1. You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform) | |
Line 13: | Line 14: |
# or if installed eksctl get cluster |
# or if installed $ eksctl get cluster |
Line 16: | Line 16: |
1. Make sure current role does not work by retrieveing kubectl config {{{ aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" |
1. Make sure current role does not work by retrieving kubectl config {{{ aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole" |
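Review bot: the step text still says "current role", but with the added --role-arn "arn:aws:iam::123456789:role/myk8srole" the generated kubeconfig authenticates as that role, not as the caller's current identity. Reword the step to name the role being tested, or leave --role-arn out when the goal is to test the current credentials. The placeholder account id has 9 digits; AWS account ids have 12, so a 12-digit placeholder would be clearer.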
Line 19: | Line 19: |
error: You must be logged in to the server (Unauthorized) | |
Line 21: | Line 20: |
1. '''''error: You must be logged in to the server (Unauthorized)''''' * This error indicates that the role you used, is not in system:management, thus not the one that created the cluster. |
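Review bot: the added explanation names the group as system:management; the Kubernetes group that EKS grants to the identity that created the cluster is system:masters. Suggest correcting the group name, and also removing the comma after "the role you used".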
k8s kubernetes on AWS AWSEKS
Terraform example1 https://www.padok.fr/en/blog/aws-eks-cluster-terraform
Terraform example2 https://github.com/hashicorp/terraform-provider-aws/tree/master/examples/eks-getting-started
- 202012 - worked, only changed region and setup aws credentials.
- Creates new VPC and 2 subnets for k8s deployment
- Took 11min for management node to deploy
aws eks --region <region-code> update-kubeconfig --name <cluster_name>
Recover admin login
- You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform)
Check that you can see the cluster (make sure the correct profile is exported: export AWS_PROFILE=)
aws eks list-clusters
# or, if eksctl is installed:
eksctl get cluster
Make sure the current role does not work by retrieving the kubectl config
aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole"
kubectl get svc
error: You must be logged in to the server (Unauthorized)
- This error indicates that the role you used is not in system:management, and thus is not the one that created the cluster.
AWS doc for Unauthorized or access denied (kubectl)
- Have to assume the original admin account/role
- How to find the admin account / role ?
install eksctl AWStool https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html
retrieve accounts
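One way to answer "How to find the admin account / role ?" is CloudTrail: `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateCluster --output json` lists CreateCluster calls from the last 90 days. The following is an added example, not part of the original page; it parses that output and returns the IAM ARN behind the successful EKS call for the named cluster. The sample events, account id 111122223333 and role tf-deployer are constructed, and the event fields used are assumed to follow the usual CloudTrail record layout.

```python
import json
ACCT = "111122223333"  # constructed account id

def _event(source, identity, params, error=None):
    # Constructed record in the shape of one `aws cloudtrail lookup-events` entry.
    detail = {"eventSource": source, "eventTime": "2020-12-01T03:10:00Z",
              "userIdentity": identity, "requestParameters": params}
    if error:
        detail["errorCode"] = error
    return {"EventName": "CreateCluster", "CloudTrailEvent": json.dumps(detail)}

ROLE_SESSION = {
    "type": "AssumedRole",
    "arn": f"arn:aws:sts::{ACCT}:assumed-role/tf-deployer/ci-run-42",
    "sessionContext": {"sessionIssuer": {
        "type": "Role", "arn": f"arn:aws:iam::{ACCT}:role/tf-deployer"}},
}
ALICE = {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/alice"}
SAMPLE = {"Events": [
    _event("ecs.amazonaws.com", ALICE, {"clusterName": "eks-cluster-name"}),
    _event("eks.amazonaws.com", ALICE, {"name": "eks-cluster-name"}, "AccessDenied"),
    _event("eks.amazonaws.com", ROLE_SESSION, {"name": "eks-cluster-name"}),
]}

def principal_arn(identity):
    """IAM ARN to assume or log in as: role sessions map back to their role."""
    if identity.get("type") == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        if issuer.get("arn"):
            return issuer["arn"]
        # Fallback: arn:aws:sts::ACCT:assumed-role/NAME/SESSION -> role/NAME
        head, _, tail = identity["arn"].partition(":assumed-role/")
        return head.replace(":sts:", ":iam:", 1) + ":role/" + tail.split("/")[0]
    return identity.get("arn")

def cluster_creators(lookup_output, cluster_name):
    """ARNs behind successful EKS CreateCluster calls for cluster_name."""
    found = []
    for entry in lookup_output.get("Events", []):
        detail = json.loads(entry["CloudTrailEvent"])
        if detail.get("eventSource") != "eks.amazonaws.com":
            continue  # ECS and other services also log CreateCluster
        if detail.get("errorCode"):
            continue  # a denied or failed call created nothing
        if (detail.get("requestParameters") or {}).get("name") != cluster_name:
            continue
        found.append(principal_arn(detail["userIdentity"]))
    return found
```

Pass the returned role ARN to `aws eks update-kubeconfig --role-arn`, or log in as the returned user, then retry `kubectl get svc`.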