zzh@ZZHPC:~$ aws eks update-kubeconfig --name zimple-bank --region ap-southeast-2
An error occurred (AccessDeniedException) when calling the DescribeCluster operation: User: arn:aws:iam::793698357301:user/github-ci is not authorized to perform: eks:DescribeCluster on resource: arn:aws:eks:ap-southeast-2:793698357301:cluster/zimple-bank

To fix this issue, we need to grant the necessary EKS permissions to the user group that contains the user github-ci:

zzh@ZZHPC:~$ aws eks update-kubeconfig --name zimple-bank --region ap-southeast-2
Added new context arn:aws:eks:ap-southeast-2:793698357301:cluster/zimple-bank to /home/zzh/.kube/config
zzh@ZZHPC:~$ cat .kube/config
The new context can be found in the output.

zzh@ZZHPC:~$ kubectl config use-context arn:aws:eks:ap-southeast-2:793698357301:cluster/zimple-bank
Switched to context "arn:aws:eks:ap-southeast-2:793698357301:cluster/zimple-bank".

zzh@ZZHPC:~$ kubectl cluster-info
......
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
error: You must be logged in to the server (the server has asked for the client to provide credentials)
For the reason and resolution, see https://repost.aws/knowledge-center/amazon-eks-cluster-access.
Add the root user's access key to the file ~/.aws/credentials:

[default]
aws_access_key_id = xxxxxxxxxx
aws_secret_access_key = xxxxxxxxxx

[github]
aws_access_key_id = xxxxxxxxxx
aws_secret_access_key = xxxxxxxxxx
To use the github credential, run: export AWS_PROFILE=github
To use the default credential, run: export AWS_PROFILE=default

zzh@ZZHPC:~$ kubectl cluster-info
Kubernetes control plane is running at https://641E6CB44A7867FA1A1DCFD5D0E6730B.yl4.ap-southeast-2.eks.amazonaws.com
CoreDNS is running at https://641E6CB44A7867FA1A1DCFD5D0E6730B.yl4.ap-southeast-2.eks.amazonaws.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

How to know which user you are using:

zzh@ZZHPC:~$ aws sts get-caller-identity
{
    "UserId": "xxxxxx",
    "Account": "000000",
    "Arn": "arn:aws:iam::000000:user/github-ci"
}
zzh@ZZHPC:~$ export AWS_PROFILE=rootuser
zzh@ZZHPC:~$ aws sts get-caller-identity
{
    "UserId": "xxxxxx",
    "Account": "000000",
    "Arn": "arn:aws:iam::000000:root"
}
How to allow user github-ci to access the EKS cluster:
Create a file named aws-auth.yaml:
zzh@ZZHPC:/zdata/Github/zimplebank$ kubectl apply -f eks/aws-auth.yaml
Warning: resource configmaps/aws-auth is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
configmap/aws-auth configured

zzh@ZZHPC:/zdata/Github/zimplebank$ export AWS_PROFILE=github
zzh@ZZHPC:/zdata/Github/zimplebank$ kubectl cluster-info
Kubernetes control plane is running at https://641E6CB44A7867FA1A1DCFD5D0E6730B.yl4.ap-southeast-2.eks.amazonaws.com
CoreDNS is running at https://641E6CB44A7867FA1A1DCFD5D0E6730B.yl4.ap-southeast-2.eks.amazonaws.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
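
The contents of aws-auth.yaml are not shown in the steps above. As an added example (not the author's file), one least-privilege shape for it maps github-ci to a dedicated group and grants that group rights through RBAC. The group name ci-deployers, the binding names and the default namespace are assumptions.

```yaml
# Added example, not the original aws-auth.yaml from this page.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  # Carry over any mapRoles entries already present in the cluster, from:
  #   kubectl get configmap aws-auth -n kube-system -o yaml
  mapUsers: |
    - userarn: arn:aws:iam::793698357301:user/github-ci
      username: github-ci
      groups:
        # Listing system:masters here would make the CI user a cluster admin.
        - ci-deployers   # hypothetical group; its rights come from the bindings below
---
# Cluster-wide read-only access through the built-in "view" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ci-deployers-view   # hypothetical name
subjects:
  - kind: Group
    name: ci-deployers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
# Write access limited to the namespace the pipeline deploys into
# (assumed here to be "default") through the built-in "edit" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployers-edit   # hypothetical name
  namespace: default
subjects:
  - kind: Group
    name: ci-deployers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```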