aws-auth | Manage the aws-auth config map for EKS Kubernetes clusters | Cloud Storage library
kandi X-RAY | aws-auth Summary
Manage the aws-auth config map for EKS Kubernetes clusters
Top functions reviewed by kandi - BETA
- UpsertMultiple adds multiple mapRoles to the auth map
- getKubernetesClient returns a Kubernetes client
- helper function to remove a role from authMaps
- Removes an existing UsersAuthMap
- WithRetry calls fn with retries.
- ReadAuthMap reads an auth map
- removeByUsernameCmd returns a cobra.Command for remove by username
- upsertRole adds the given resource to the list of roles
- upsertUser inserts a new UsersAuthMap into authMaps
- UpdateAuthMap updates ConfigMap
aws-auth Examples and Code Snippets
$ aws-auth
aws-auth modifies the aws-auth configmap on eks clusters

Usage:
  aws-auth [command]

Available Commands:
  help               Help about any command
  remove             remove removes an auth-map from mapRoles or mapUsers
  remove-by-username remove-

package main

import (
	"k8s.io/client-go/kubernetes"

	awsauth "github.com/keikoproj/aws-auth/pkg/mapper"
)

func someFunc(client kubernetes.Interface) error {
	awsAuth := awsauth.New(client, false)
	myUpsertRole := &awsauth.MapperArguments{
		MapRoles: true,

$ docker run \
    -v ~/.kube/:/root/.kube/ \
    -v ~/.aws/:/root/.aws/ \
    keikoproj/aws-auth:latest \
    aws-auth upsert --mapusers \
    --userarn arn:aws:iam::555555555555:user/a-user \
    --username admin \
    --groups system:masters
Community Discussions
Trending Discussions on aws-auth
QUESTION
I'm trying to deploy a cluster with self managed node groups. No matter what config options I use, I always come up with the following error:
Error: Post "http://localhost/api/v1/namespaces/kube-system/configmaps": dial tcp 127.0.0.1:80: connect: connection refused
with module.eks-ssp.kubernetes_config_map.aws_auth[0]
on .terraform/modules/eks-ssp/aws-auth-configmap.tf line 19, in resource "kubernetes_config_map" "aws_auth":
resource "kubernetes_config_map" "aws_auth" {
The .tf file looks like this:
...
ANSWER
Answered 2022-Feb-03 at 16:16
Based on the example provided in the Github repo [1], my guess is that the provider configuration blocks are missing for this to work as expected. Looking at the code provided in the question, it seems that the following needs to be added:
QUESTION
I want to set up an EKS cluster, enabling other IAM users to connect and tinker with the cluster. To do so, AWS recommends patching a config map, which I did. Now I want to enable the same “feature” using Terraform.
I use Terraform's EKS provider and read in the documentation in section "Due to the plethora of tooling a..." that basically authentication is up to myself.
Now I use the Terraform Kubernetes provider to update this config map:
...
ANSWER
Answered 2022-Jan-07 at 16:38
I use 17.24.0 and have no idea what is new with 18.0.3.
In my case, I follow this example: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/v17.24.0/examples/complete/main.tf
My main.tf
QUESTION
I'm trying to execute the following command:
kubectl get cm aws-auth -n kube-system -o json | jq --arg add "`cat additional_roles_aws_auth.yaml`" '.data.mapRoles += $add' | kubectl apply -f -
as part of a local Terraform execution as follows:
ANSWER
Answered 2022-Feb-05 at 20:25
As per my comment: the KUBECONFIG environment variable needs to be a list of configuration files and not the content of the file itself [1]:
The KUBECONFIG environment variable is a list of paths to configuration files.
The original problem was that the content of the file was encoded in base64 format [2] and used in that format without decoding it before. Thankfully, Terraform has both functions built-in, so using base64decode [3] would return the "normal" file content. Still, it would be the file content and not the path to the config file. Based on the other comments, I guess the important thing to note is the additional_roles_aws_auth.yaml file has to be in the same directory as the root module. As the command is a bit more complicated, I am not sure if you could use Terraform built-in path object [4] to make sure the file is searched for in the root of the module:
QUESTION
I am trying to host an application in AWS Elastic Kubernetes Service (EKS). I have configured the EKS cluster using the AWS Console using an IAM user (user1). Configured the Node Group and added a Node to the EKS Cluster and everything is working fine.
In order to connect to the cluster, I spun up an EC2 instance (Centos7) and configured the following:
1. Installed docker, kubeadm, kubelet and kubectl.
2. Installed and configured AWS Cli V2.
I had used the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY_ID of user1 to configure AWS Cli from within the EC2 Instance in order to connect to the cluster using kubectl.
I ran the below commands in order to connect to the cluster as user1:
1. aws sts get-caller-identity
2. aws eks update-kubeconfig --name trojanwall --region ap-south-1
I am able to do each and every operation in the EKS cluster as user1.
However, I have now created a new user named 'user2' and I have replaced the current AWS_ACCESS_KEY_ID and AWS_SECRET_KEY_ID with that of user2. Did the same steps and when I try to run 'kubectl get pods', I am getting the following error:
error: You must be logged in to the server (Unauthorized)
Result after running kubectl describe configmap -n kube-system aws-auth as user1:
...
ANSWER
Answered 2021-Dec-28 at 08:39
When you create an EKS cluster, only the user that created a cluster has access to it. In order to allow someone else to access the cluster, you need to add that user to the aws-auth. To do this, in your data section, add
QUESTION
I'm migrating to AWS SSO for cli access, which has worked for everything except for kubectl so far. While troubleshooting it I followed a few guides, which means I ended up with some cargo-cult behaviour, and I'm obviously missing something in my mental model.
...
ANSWER
Answered 2021-Dec-07 at 17:12
.aws/config had a subtle error - [profile default] isn't meaningful, so the two blocks should have been merged into [default]. Only the non-default profiles should have profile in the name.
QUESTION
Already saw this particular post kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster and followed some guides from AWS but still no success..
I'm creating a CI/CD pipeline. But CodeBuild is apparently not authorized to access the EKS cluster. I went to the specific CodeBuild role and added the following policies:
- AWSCodeCommitFullAccess
- AmazonEC2ContainerRegistryFullAccess
- AmazonS3FullAccess
- CloudWatchLogsFullAccess
- AWSCodeBuildAdminAccess
Also created and added the following policy:
...
ANSWER
Answered 2021-Nov-10 at 21:33
GOT IT!
I used the role that CodeBuild created automatically.. But by creating a new role with the mandatory policies and edit this in CodeBuild, those steps above will succeed.. If anyone can further explain this that would be great!
QUESTION
New to EKS, Learning. I understand that Access can be provided to IAM Users/Roles by adding to the aws-auth config map, but when the cluster was created the first time, the AWS-auth has only one entry.
...
ANSWER
Answered 2021-Oct-25 at 09:18
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html:
When you create an Amazon EKS cluster, the IAM entity user or role... is automatically granted system:masters permissions in the cluster's RBAC configuration in the control plane.
You are already the admin as you are the creator of the cluster.
QUESTION
I have the following question. I try to connect to an EKS cluster using Terraform with GitLab CI/CD and I receive the error message, but when I try it on my computer, this error doesn't appear. Has someone had the same error?
...
ANSWER
Answered 2021-Oct-14 at 04:53
The error message tells you the authconfig.yaml file can not be converted from YAML to JSON, suggesting it's not a valid yaml.
The cat authconfig.yaml you're showing us includes some < and EOT tags. I would suggest to remove those, before running kubectl create -f
Your comment suggests you knew this already - then why didn't you ask about terraform, rather than showing us kubectl create failing? From your post, it really sounded like you copy/pasted the output of your job, without even reading it.
So, obviously, the next step is to terraform output -raw, or -json, there are several mentions in their docs, or knowledge base, a google search would point you to:
- https://discuss.hashicorp.com/t/terraform-outputs-with-heredoc-syntax-leaves-eot-in-file/18584/7
- https://www.terraform.io/docs/cli/commands/output.html
Last: we could ask why? Why would you terraform output > something, when you can have terraform write a file?
While as a general rule, whenever writing terraform stdout/stderr to files, I strongly suggest going with no-color.
QUESTION
I am getting a duplicate class error for AWS API and AWS Appsync services in my android app. I have tried downgrading the versions but that causes bugs in other files. I have tried the solutions in this post: Android Studio: Resolving Duplicate Classes. None of these seem to work as they only cause more bugs or no changes.
Here is the error:
...
ANSWER
Answered 2021-Sep-08 at 16:19
If you want to invoke AWS Services from an Android app, then I suggest looking at the new AWS SDK for Kotlin. This is still a new API; however, there is an example that shows you how to invoke AWS Services such as Amazon DynamoDB.
As far as duplicate libs, I saw that too when I specified the sns dependencies. To eliminate that issue, the Gradle build file was set to:
QUESTION
I created an EC2 instance and an EKS cluster in the same AWS account. In order to use the EKS cluster from EC2, I have to grant necessary permissions to it.
I added an instance profile role with some EKS operation permissions. Its role arn is arn:aws:iam::11111111:role/ec2-instance-profile-role (A) on dashboard. But in the EC2 instance, it can be found as arn:aws:sts::11111111:assumed-role/ec2-instance-profile-role/i-00000000 (B).
ANSWER
Answered 2021-Aug-13 at 05:05
- name: external-staging
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - exec
      - test-dev
      - --
      - aws
      - eks
      - get-token
      - --cluster-name
      - eksCluster-1234
      - --role-arn
      - arn:aws:iam::3456789002:role/eks-cluster-admin-role-e65f32f
      command: aws-vault
      env: null
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported