I am following the step-by-step guide to set up a Kubernetes environment on AWS.
https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html#role-create
It already had some gotchas, and they have been partially answered.
- https://stackoverflow.com/questions/51135795/error-the-server-doesnt-have-resource-type-svc
- https://stackoverflow.com/questions/50791303/kubectl-error-you-must-be-logged-in-to-the-server-unauthorized-when-accessing
For some reason, people were able to resolve using these guidelines available in these answers, and I still could not break it.
```
could not get token: AccessDenied: User: arn:aws:iam::sssssss:user/testprofileUser is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::sssssssss:role/eksServiceRole
```
What I have done:
- I created an IAM user with Admin privileges (servicesDev).
- Created an IAM Role for the EKS service (amazonEKSServiceRole)
amazonEKSServiceRole has a trust relationship as below,
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
This is my kubeconfig file,
```yaml
apiVersion: v1
clusters:
- cluster:
    server: https://7F30ANNSDSDMDCE1.ylq.us-east-1.eks.amazonaws.com
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURB...
  name: clouddev
contexts:
- context:
    cluster: clouddev
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws-iam-authenticator
      args:
        - "token"
        - "-i"
        - "clouddev"
        - "-r"
        - "arn:aws:iam::xxxxx:role/amazonEKSServiceRole"
      env:
        - name: AWS_PROFILE
          value: "testprofile"
```
To be clear, I have a testprofile set up correctly in ~/.aws/credentials
If anybody can shed some light, it would be greatly appreciated.
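
An added example, not part of the original question: with `-r`, aws-iam-authenticator calls sts:AssumeRole on that role as the profile's IAM user before signing the token, so the role's trust policy has to name that user (or its account) as an AWS principal. The check below runs offline against constructed copies of the trust policy and exec args shown above; the account id `111122223333` is a placeholder and the function names are hypothetical.

```python
import json

# Constructed inputs modelled on the question; 111122223333 is a placeholder account id.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": "eks.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}""")
EXEC_ARGS = ["token", "-i", "clouddev",
             "-r", "arn:aws:iam::111122223333:role/amazonEKSServiceRole"]
CALLER_ARN = "arn:aws:iam::111122223333:user/testprofileUser"

def as_list(value):
    return value if isinstance(value, list) else [value]

def role_from_args(args):
    """Return the role ARN that follows -r in the exec args, or None."""
    for i, arg in enumerate(args[:-1]):
        if arg == "-r":
            return args[i + 1]
    return None

def caller_trusted(policy, caller_arn):
    """Trust-policy side only: does an Allow for sts:AssumeRole name the caller
    (or its account) as an AWS principal? Conditions and Deny are ignored."""
    account = caller_arn.split(":")[4]
    accepted = {"*", account, caller_arn, f"arn:aws:iam::{account}:root"}
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not {"sts:AssumeRole", "sts:*", "*"} & set(as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if accepted & set(aws):
            return True
    return False

def check(args, policy, caller_arn):
    role = role_from_args(args)
    if role is None:
        return "ok: no -r, the token is signed with the caller's own identity"
    if caller_trusted(policy, caller_arn):
        return f"ok: trust policy lets the caller assume {role}"
    return f"mismatch: {caller_arn} is not a trusted principal of {role}"

if __name__ == "__main__":
    print(check(EXEC_ARGS, TRUST_POLICY, CALLER_ARN))
```

A trust policy that allows only the `eks.amazonaws.com` service principal is reported as a mismatch for any IAM user passed through `-r`.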