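I am trying to deploy a Kubernetes cluster using eksctl.
The cluster was created, but I found that I have a permissions problem and cannot access Kubernetes resources from my control plane server. This is the error I get: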
eksctl get iamidentitymapping --region us-east-1 --name management
[✖] getting auth ConfigMap: configmaps "aws-auth" is forbidden: User "system:node:ip-10-100-2-68.ec2.internal" cannot get resource "configmaps" in API group "" in the namespace "kube-system": no path found to object
I deployed the cluster using an eksctl config file:
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: Management
  region: us-east-1
vpc:
  id: "vpc-581111"
  cidr: "10.100.0.0/16"
  subnets:
    private:
      us-east-1d:
        id: "subnet-5f566317"
        cidr: "10.100.1.0/24"
      us-east-1e:
        id: "subnet-0140f96070e359d90"
        cidr: "10.100.2.0/24"
iam:
  serviceRoleARN: "arn:aws:iam::444444444444:role/Prod-Builder-Role"
nodeGroups:
  - name: worker-1
    instanceType: t3.medium
    desiredCapacity: 1
    iam:
      instanceProfileARN: "arn:aws:iam::444444444444:instance-profile/Panpwr-Management-BuilderInstanceProfile-Y5WPPKASB38K"
      instanceRoleARN: "arn:aws:iam::444444444444:role/Prod-Builder-Role"
    privateNetworking: true
    securityGroups:
      withShared: true
      withLocal: true
      attachIDs: ['sg-07b5fc3403e0d76e0', 'sg-ad9d6bdf']
    tags:
      'environment:': 'management'
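The role in serviceRoleARN: "arn:aws:iam::444444444444:role/Prod-Builder-Role" has all the AWS permissions it needs. I see that I need to change the aws-auth ConfigMap, but I don't have permission to access the ConfigMap.
Any help will be appreciated.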
forbidden: User "system:node:ip-10-100-2-68.ec2.internal" cannot get resource "configmaps" in API group ""
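Basically, your user (system:node:ip-10-10...) has no API group. A superuser on the same cluster (one with the system:masters group) should add "system:node:ip-10-100-2-68.ec2.internal" to the masters group by setting --group system:masters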
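
An added example, not part of the original question or answer: it parses the Forbidden message from the question to show which identity the API server saw, then checks a list of aws-auth mapRoles entries for node identities that also carry system:masters, the group bound to cluster-admin. The mapRoles entries and role ARNs are constructed placeholders, and the function names are hypothetical.

```python
import re

# The Forbidden message from the question, as returned by the API server.
ERROR = ('configmaps "aws-auth" is forbidden: User '
         '"system:node:ip-10-100-2-68.ec2.internal" cannot get resource '
         '"configmaps" in API group "" in the namespace "kube-system": '
         'no path found to object')

FORBIDDEN_RE = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"(?: in the namespace "(?P<namespace>[^"]+)")?')

def parse_forbidden(message):
    """Extract who was denied what from a Kubernetes Forbidden message."""
    m = FORBIDDEN_RE.search(message)
    if not m:
        return None
    info = m.groupdict()
    # "" is the core API group, which is where ConfigMaps live.
    info["group"] = info["group"] or "core"
    # system:node:<name> means the caller authenticated with a node's IAM role.
    info["is_node_identity"] = info["user"].startswith("system:node:")
    return info

# Constructed aws-auth mapRoles entries (account id and role names are placeholders).
MAP_ROLES = [
    {"rolearn": "arn:aws:iam::111111111111:role/example-node-role",
     "username": "system:node:{{EC2PrivateDNSName}}",
     "groups": ["system:bootstrappers", "system:nodes"]},
    {"rolearn": "arn:aws:iam::111111111111:role/example-node-role-2",
     "username": "system:node:{{EC2PrivateDNSName}}",
     "groups": ["system:bootstrappers", "system:nodes", "system:masters"]},
    {"rolearn": "arn:aws:iam::111111111111:role/example-admin-role",
     "username": "admin", "groups": ["system:masters"]},
]

def node_roles_with_admin(map_roles):
    """Return role ARNs mapped as nodes that also carry system:masters."""
    return [e["rolearn"] for e in map_roles
            if e["username"].startswith("system:node:")
            and "system:masters" in e["groups"]]

if __name__ == "__main__":
    print(parse_forbidden(ERROR))
    print(node_roles_with_admin(MAP_ROLES))
```
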