EKS上的AWS eks访问问题:AccessKubernetesApi
EKS上的AWS eks访问问题:AccessKubernetesApi
提问于 2020-12-03 23:43:00
我已经使用terraform创建了一个新的eks集群,当几个开发人员试图在aws控制台中访问该集群时,他们得到了以下错误。
有人能告诉我我错过了什么吗?
集群版本: 1.18
User: arn:aws:iam::xxxx:user/yyy is not authorized to perform: eks:AccessKubernetesApi on resource: arn:aws:eks:us-east-1:xxxx:cluster/cluster每个用户都附加了此策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"eks:ListFargateProfiles",
"eks:DescribeNodegroup",
"eks:ListNodegroups",
"eks:DescribeFargateProfile",
"eks:ListTagsForResource",
"eks:ListUpdates",
"eks:DescribeUpdate",
"eks:DescribeCluster",
"eks:ListClusters"
],
"Resource": "*"
}
]
}我的aws-auth配置看起来
apiVersion: v1
data:
mapRoles: |
- rolearn: arn:aws:iam::xxxx:role/cluster182020111918162137770000002f
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
- groups:
- system:masters
rolearn: arn:aws:iam::xxxx:role/abc-role
username: abc-xac
- groups:
- system:bootstrappers
- system:nodes
rolearn: arn:aws:iam::xxx:role/cluster_eks_worker_role
username: system:node:{{EC2PrivateDNSName}}
mapUsers: |
- groups:
- system:developers
userarn: arn:aws:iam::xxx:user/yyy
username: yyy
....回答 1
Stack Overflow用户
回答已采纳
发布于 2020-12-04 05:19:17
它已经提到,用户错误地没有访问eks:AccessKubernetesApi的权限。
只需将此添加到IAM角色即可。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"eks:AccessKubernetesApi",
"eks:ListFargateProfiles",
"eks:DescribeNodegroup",
"eks:ListNodegroups",
"eks:DescribeFargateProfile",
"eks:ListTagsForResource",
"eks:ListUpdates",
"eks:DescribeUpdate",
"eks:DescribeCluster",
"eks:ListClusters"
],
"Resource": "*"
}
]
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/65129206
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号