= k8s kubernetes on AWS AWSEKS =
 * Terraform example1 [[https://www.padok.fr/en/blog/aws-eks-cluster-terraform]]
 * Terraform example2 [[https://github.com/hashicorp/terraform-provider-aws/tree/master/examples/eks-getting-started]]
   * 202012 - worked, only changed region and setup aws credentials.
     * Creates new VPC and 2 subnets for k8s deployment
       * Took 11min for management node to deploy
 * aws eks --region <region-code> update-kubeconfig --name <cluster_name>


== Recover admin login ==
 1. You need to know the IAM role/user that created the cluster. (Maybe look in your Terraform)
 1. Can you see the cluster (check correct export AWS_PROFILE=) {{{
aws eks list-clusters
# or if installed $ eksctl get cluster
}}}
 1. Make sure current role does not work by retrieving kubectl config {{{
aws eks update-kubeconfig --region ap-southeast-2 --name "eks-cluster-name" --role-arn "arn:aws:iam::123456789:role/myk8srole"
kubectl get svc
}}}
 1. '''''error: You must be logged in to the server (Unauthorized)'''''
   * This error indicates that the role you used, is not in system:management, thus not the one that created the cluster.

 1. AWS doc for '''Unauthorized or access denied (kubectl)'''
    * https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#unauthorized
 1. Have to assume the original admin account/role
    * How to find the admin account / role ?
      1. install '''eksctl''' AWStool https://docs.aws.amazon.com/eks/latest/userguide/eksctl.html
      2. retrieve accounts {{{


}}}