Did someone here successfully create a K8s clust...
# aws
s
Did someone here successfully create a K8s cluster and allow users utilizing a specific SSO role to access this cluster?
t
Assuming you already have an identity provider, you create an app and set it as the IdP for your cluster(s) using this pulumi resource, get the groups claim set in this app and then simply work with k8s RBAC to map these groups accordingly. You will need a credential (exec) plugin like kubelogin. You can Google EKS OIDC authentication and you will find a bunch of articles. Good luck!
s
Thanks for the answer. Basically I have an AWS profile that I use to authenticate against AWS. When I try to access my cluster I get:
C:\Users\nadav\Downloads\kubeconfig (1)>kubectl get nodes --kubeconfig kubeconfig
E0513 18:42:23.749731   20940 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
In addition, the same role (account admin) can't see the resources of the cluster (nodes, pods, etc).
So I'm a bit puzzled.
t
Then your question is different from the rest of this thread, which seems to be user/troubleshooting related. As advice, you can start by increasing verbosity when running kubectl and see what the issue really is. Otherwise: the IAM principal that created the cluster is the only principal that has access to the cluster (if it was you, great). Good luck!
s
Thanks! Basically the IAM principal that creates it is in a role that I use as "assume role" in a GitHub workflow. My assumption is that the admin of the account will be able to interact with the cluster. Am I wrong? Do I need to do anything else? Any pointers will be greatly appreciated as I'm already stuck on this one for a few days 😅