我有一个类似的aws-auth
配置映射。在mapUsers
部分中,我想添加另一个具有主权限的用户:
apiVersion: v1
data:
mapRoles: |
- groups:
- system:bootstrappers
- system:nodes
rolearn: arn:aws:iam::XXX:role/eks-nodegroup-service-role
username: system:node:{{EC2PrivateDNSName}}
mapUsers: |
- userarn: arn:aws:iam::XXX:user/k8s-admin
username: k8s-admin
groups:
- system:masters
mapAccounts: |
- "XXX"
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
但在使用k8s-admin
用户时,我仍然会遇到一个错误:error: You must be logged in to the server (Unauthorized)
。
[编辑]我添加了mapAccounts
。现在的错误是:Error from server (Forbidden): pods is forbidden: User "arn:aws:iam::XXX:user/k8s-admin" cannot list resource "pods" in API group "" in the namespace "default
mapUsers: |
- userarn: arn:aws:iam::XXX:user/k8s-admin
username: k8s-admin
groups:
- system:masters
您上面的陈述不正确,请尝试:
...
mapUsers: |
- userarn: arn:aws:iam::XXX:user/k8s-admin
username: k8s-admin
groups:
- system:masters
...