feat: work through EKS tutorial #70
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Setup the basic AWS VPC
gregbrowndev
force-pushed
the
feat/eks-tutorial-part1
branch
from
b7226cf to
9aa392b
Compare
I found that I could not log into the EKS cluster when assuming the eks-admin IAM Role, as I got "unauthorised" errors. The issue was I had added the manager IAM User to the `my-admin` k8s group via the aws_eks_access_entry resource rather than the `eks-admin` IAM Role via the API. The manager IAM User does not have an IAM policy like the developer user has that allows them to DescribeCluster (or do anything with EKS). So even though the manager IAM User was added to the k8s group, they wasn't allowed to access the EKS cluster due to IAM permissions. The manager IAM User instead is allowed to assume the eks-admin IAM Role, which has the IAM Policy to access the cluster. By updating the EKS API to add the eks-admin IAM Role to the my-admin cluster group, I was able to both authenticate against the EKS cluster and was authorised to get nodes, etc.
Looks like the autoscaler is failing to deploy. It looks like it is not picking up the `cluster-autoscaler` service account which we associated the cluster-autoscaler IAM Role. The error seems to suggest it is using the node IAM Role and therefore failing because autoscaling:DescribeAutoScalingGroups is not allowed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.