Tuesday, May 17, 2022

solving error: Your current user or role does not have access to Kubernetes objects on this EKS cluster.

Trying to access EKS cluster with kubectl you might get an error similar to:

Your current user or role does not have access to Kubernetes objects on this EKS cluster
This may be due to the current user or role not having Kubernetes RBAC permissions to describe cluster resources or not having an entry in the cluster’s auth config map

it can happen on for example terraform created clusters or a new user joing organization.

so what happened was that EKS being amazon product by default relies on amazon security structure for RBAC and the role you currently use was not set to access it.

you can see the idenity mappings on your cluster with:

eksctl get iamidentitymapping --cluster YOUR_CLUSTER --region=YOUR_REGION

and you can add needed role using eksctl (no need for kubectl since those are rules beforehand)

eksctl create iamidentitymapping \
 --cluster YOUR_CLUSTER\
 ---region=YOUR_REGION\
 --arn arn:aws:iam::123456:role/YOUR_ROLE\
 --username admin \
 --group system:masters

and of you can delete the roles you no longer use with:

eksctl delete iamidentitymapping\
 --cluster YOUR_CLUSTER\
 --region=YOUR_REGION\
 --arn arn:aws:iam::123456:role/YOUR_ROLE
By -
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

solving error: Your current user or role does not have access to Kubernetes objects on this EKS cluster.

Trying to access EKS cluster with kubectl you might get an error similar to: Your current user or role does not have access to Kubernetes ob...