How to Operate an EKS Cluster from a Different IAM Account
너랑노랑
2023. 9. 12. 21:13
To access the k8s cluster from a different IAM user, edit the aws-auth ConfigMap:
kubectl edit -n kube-system configmap/aws-auth
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  mapUsers: |
    - userarn: arn:aws:iam::12341234321123:user/user
      username: test
      groups:
        - system:masters
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"mapRoles":"- rolearn: arn:aws:iam::955718581810:role/EKS_CLUSTER_ROLE\n username: system:node:{{EC2PrivateDNSName}}\n groups:\n - system:bootstrappers\n - system:nodes\n"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"aws-auth","namespace":"kube-system"}}
  creationTimestamp: "2023-09-08T12:59:59Z"
  name: aws-auth
  namespace: kube-system
  resourceVersion: "12328"
  uid: 41254f78-cf2b-4ce5-99a8-635dd29988d9
Change the ARN in userarn to the one you want to grant access to.
After logging in to AWS from the CLI, run
aws eks update-kubeconfig --region ap-northeast-2 --name k8s-cluster
and you can see that it works normally.
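An added example, not part of the original post: a small Python check to run over the output of `kubectl get configmap aws-auth -n kube-system -o json` after an edit like the one above. It lists every IAM principal mapped to system:masters (unrestricted cluster access) and reports whether a mapping to system:nodes is still present. The sample ConfigMap, its ARNs and the function names are constructed for illustration, and the parser handles only the block-style layout shown in this post.

```python
import json
import re

# Constructed sample in the shape of
# `kubectl get configmap aws-auth -n kube-system -o json`; ARNs are placeholders.
SAMPLE = json.dumps({"data": {
    "mapRoles": (
        "- rolearn: arn:aws:iam::111122223333:role/example-node-role\n"
        "  username: system:node:{{EC2PrivateDNSName}}\n"
        "  groups:\n"
        "    - system:bootstrappers\n"
        "    - system:nodes\n"),
    "mapUsers": (
        "- userarn: arn:aws:iam::111122223333:user/example-user\n"
        "  username : test\n"
        "  groups:\n"
        "    - system:masters\n"),
}})

ENTRY = re.compile(r"^\s*-\s*(?:userarn|rolearn)\s*:\s*(\S+)")
USERNAME = re.compile(r"^\s*username\s*:\s*(\S+)")
GROUP = re.compile(r"^\s*-\s*(\S+)\s*$")


def parse_mappings(block):
    """Parse a block-style mapUsers/mapRoles string into a list of dicts."""
    entries = []
    for line in (block or "").splitlines():
        if m := ENTRY.match(line):
            entries.append({"arn": m.group(1), "username": None, "groups": []})
        elif not entries:
            continue  # ignore anything before the first mapping
        elif m := USERNAME.match(line):
            entries[-1]["username"] = m.group(1)
        elif m := GROUP.match(line):
            entries[-1]["groups"].append(m.group(1).strip("\"'"))
    return entries


def audit(configmap_json):
    """Report cluster-admin mappings and whether a node mapping still exists."""
    data = json.loads(configmap_json).get("data") or {}
    entries = parse_mappings(data.get("mapRoles")) + parse_mappings(data.get("mapUsers"))
    return {
        "cluster_admins": [(e["arn"], e["username"]) for e in entries
                           if "system:masters" in e["groups"]],
        "node_mapping_present": any("system:nodes" in e["groups"] for e in entries),
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result with `node_mapping_present` set to False means the saved ConfigMap no longer maps any role to system:nodes, which is worth checking before closing the editor.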