I cannot get kubectl
to authenticate with the EKS Kubernetes instance my coworker created. I've followed the documentation: the AWS CLI can run aws eks
commands (I'm an AWS Full Administrator), and the heptio authenticatior is in my path and can generate tokens.
When I run kubectl
I get this error:
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.4",
GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean",
BuildDate:"2018-06-06T15:22:13Z", GoVersion:"go1.9.6", Compiler:"gc",
Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client
to provide credentials)
Here's my ~/.kube/config file. It's the exact kubeconfig my coworker can successfully use.
apiVersion: v1
clusters:
- cluster:
server: https://myinstance.sk1.us-east-1.eks.amazonaws.com
certificate-authority-data: base64_cert name: kubernetes contexts: - context: cluster: kubernetes user: aws name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
command: heptio-authenticator-aws
args:
- "token"
- "-i"
- "dev-qa"
# - "-r"
# - "<role-arn>"
Best Answer
I needed to add my IAM user to the
mapUsers
section of the ConfigMapconfigmap/aws-auth
, per these AWS docs.You can edit the configmap using the same AWS user that initially created the cluster.