Ironman Contest
AWS
Outposts
EKS
Kubernetes
aws-auth.yaml
Adjust the ConfigMap
system:masters
This IAM entity does not appear in the ConfigMap, or any other visible configuration, so make sure to keep track of which IAM entity originally created the cluster.
aws eks --region ap-northeast-1 update-kubeconfig --name ironman-cluster --profile theprofilename
--region: followed by the string that represents Tokyo
--profile: specifies which set of AWS API Key/Secret in ~/.aws/credentials to use for access when calling the aws cli command
update-kubeconfig: writes to the ~/.kube/config configuration file, which records the clusters kubectl can operate on and the default cluster
curl -o aws-auth-cm.yaml https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-10-29/aws-auth-cm.yaml
arn:aws:iam::999999999999:role/xxxx-NodeInstanceRole-XXXXXXXXXXXX
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::999999999999:role/xxxx-NodeInstanceRole-XXXXXXXXXXXX
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
aws-auth-ironman.yaml
❯ kubectl apply -f aws-auth-ironman.yaml
configmap/aws-auth created
❯ kubectl get nodes --watch
NAME                                             STATUS     ROLES    AGE   VERSION
ip-10-56-3-130.ap-northeast-1.compute.internal   NotReady   <none>   0s    v1.17.17-eks-ac51f2
❯ kubectl get nodes
NAME                                             STATUS   ROLES    AGE   VERSION
ip-10-56-3-130.ap-northeast-1.compute.internal   Ready    <none>   81m   v1.17.17-eks-ac51f2
❯ kubectl get deployments --all-namespaces
NAMESPACE     NAME      READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   coredns   2/2     2            2           22h
aws-auth-ironman.yaml
eks-admin is another IAM user
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
Download what this command deploys and take a look, or just deploy it directly!