Amazon EKS Operations: Difference between revisions
Line 40: | Line 40: | ||
<syntaxhighlight lang='bash'> | <syntaxhighlight lang='bash'> | ||
aws eks [--region us-east-1] update-kubeconfig --name example-eks-cluster [--alias <context-alias>] | aws eks [--region us-east-1] update-kubeconfig --name example-eks-cluster [--alias <context-alias>] [--role-arn arn:aws:iam::999999999999:role/some-role] | ||
</syntaxhighlight> | </syntaxhighlight> | ||
This command constructs a configuration with pre-populated server and certificate authority data values for the cluster specified by name. If the IAM user implied by the default AWS CLI configuration has been configured to have access, that should be sufficient. Otherwise, a specific IAM Role can be specified with the --role-arn option. | |||
If the right region is configured in the profile, there is no need to be specified. | If the right region is configured in the profile, there is no need to be specified. |
Revision as of 00:35, 8 August 2020
External
Internal
Overview
Cluster Information
Cluster Status
aws eks [--region us-east-1] describe-cluster --name example-cluster --query "cluster.status"
"ACTIVE"
If the right region is configured in the profile, there is no need to be specified.
Cluster Endpoint
aws eks [--region us-east-1] describe-cluster --name example-cluster --query "cluster.endpoint" --output text
https://FDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.gr0.us-east-1.eks.amazonaws.com
If the right region is configured in the profile, there is no need to be specified.
Cluster Certificate Authority
aws eks [--region us-east-1] describe-cluster --name example-cluster --query "cluster.certificateAuthority.data" --output text
LS0t...LQo=
If the right region is configured in the profile, there is no need to be specified.
Connect to an EKS Cluster with kubectl
Update .kube/config with the EKS cluster definition as follows:
aws eks [--region us-east-1] update-kubeconfig --name example-eks-cluster [--alias <context-alias>] [--role-arn arn:aws:iam::999999999999:role/some-role]
This command constructs a configuration with pre-populated server and certificate authority data values for the cluster specified by name. If the IAM user implied by the default AWS CLI configuration has been configured to have access, that should be sufficient. Otherwise, a specific IAM Role can be specified with the --role-arn option.
If the right region is configured in the profile, there is no need to be specified.
If no alias is used, the default is the cluster ARN.
The result is to add a new context to .kube/config:
Added new context arn:aws:eks:us-east-1:999999999999:cluster/example-eks-cluster to /Users/testuser/.kube/config
The default name of the context is the name of the IAM role, but it can be changed to make it more wieldy.