You should not create the cluster with root account. Instead create a user or if you want to install EKS with aws cli create IAM role for the EC2 instance that you are going to run aws cli commands or cloudformation template.
This could be because the cluster was created with one set of AWS credentials (from an IAM user or role), and kubectl is using a different set of credentials.
Permannent Solution:
When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster is added to the Kubernetes RBAC authorization table as the administrator (with system:masters permissions). Initially, only that IAM user can make calls to the Kubernetes API server using kubectl .
If you use the console to create the cluster, you must ensure that the same IAM user credentials are in the AWS SDK credential chain when you are running kubectl commands on your cluster.
Quick Fix
- Generate Access Key ID of root user
- Generate Secret Access Key ID of root user
- Edit AWS credentials file
$ vi .aws/credentials
$ aws eks update-kubeconfig --region ap-south-1 --name my-cluster
$ kubectl get svc
How to add More IAM Users to RBAC?
Login AWS CLI using a IAM user using which you created a clustor and Add New IAM user. To map an IAM user to a Kubernetes RBAC, pleae follow below steps
When you create an Amazon EKS cluster, the IAM entity user or role, such as a federated user that creates the cluster, is automatically granted system:masters permissions in the cluster’s RBAC configuration in the control plane.
This IAM entity does not appear in the ConfigMap, or any other visible configuration, so make sure to keep track of which IAM entity originally created the cluster. To grant additional AWS users or roles the ability to interact with your cluster, you must edit the aws-auth ConfigMap within Kubernetes.
Follow a steps
- https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
- https://faun.pub/add-new-user-to-manage-aws-eks-e487c5d10ee3
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/
My Linkedin - https://www.linkedin.com/in/rajeshkumarin
- What is Mobile Virtual Network Operator? - April 18, 2024
- What is Solr? - April 17, 2024
- Difference between UBUNTU and UBUNTU PRO - April 17, 2024
