使用eksctl部署EKS集群后无法获得群集资源
使用eksctl部署EKS集群后无法获得群集资源
提问于 2019-10-15 11:29:49
我试着用eksctl部署Kubernetes集群,
集群是创建的,但我发现我有权限问题,无法从我的控制平面服务器访问Kubernetes资源。这是我得到的错误:
eksctl get iamidentitymapping --region us-east-1 --name management
[✖] getting auth ConfigMap: configmaps "aws-auth" is forbidden: User "system:node:ip-10-100-2-68.ec2.internal" cannot get resource "configmaps" in API group "" in the namespace "kube-system": no path found to object我使用eksctl的配置文件部署了集群:
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: Management
region: us-east-1
vpc:
id: "vpc-581111"
cidr: "10.100.0.0/16"
subnets:
private:
us-east-1d:
id: "subnet-5f566317"
cidr: "10.100.1.0/24"
us-east-1e:
id: "subnet-0140f96070e359d90"
cidr: "10.100.2.0/24"
iam:
serviceRoleARN: "arn:aws:iam::444444444444:role/Prod-Builder-Role"
nodeGroups:
- name: worker-1
instanceType: t3.medium
desiredCapacity: 1
iam:
instanceProfileARN: "arn:aws:iam::444444444444:instance-profile/Panpwr-Management-BuilderInstanceProfile-Y5WPPKASB38K"
instanceRoleARN: "arn:aws:iam::444444444444:role/Prod-Builder-Role"
privateNetworking: true
securityGroups:
withShared: true
withLocal: true
attachIDs: ['sg-07b5fc3403e0d76e0', 'sg-ad9d6bdf']
tags:
'environment:': 'management'从AWS的角度来看,"arn:aws:iam::444444444444:role/Prod-Builder-Role"拥有所有所需的权限,我看到我需要更改auth配置映射,但我没有访问configmap的权限。
任何帮助都将得到批准。
回答 1
Stack Overflow用户
发布于 2020-04-16 07:44:04
forbidden: User "system:node:ip-10-100-2-68.ec2.internal" cannot get resource "configmaps" in API group ""基本上,您的用户(系统:节点:IP-10-10.)没有API组。同一个集群上的超级用户(系统:主组)应该通过设置--group system:masters在主组中添加“system:node:ip-10-100-2-68.ec2.内部”
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/58393664
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号