I am trying to access an EKS cluster on AWS with my AWS account (the same one I use for the console).
Steps I followed:
aws configure
with the info provided in "Command line or programmatic access" (AWS Access Key ID / AWS Secret Access Key), plus I added the AWS session token to the credential file.
aws eks update-kubeconfig --name XXXXXXX --region eu-west-1
In the aws-auth ConfigMap I added "- system:masters" to the groups of my role.
Is it OK to add this here?
    mapRoles: |
      - groups:
        - system:bootstrappers
        - system:nodes
        rolearn: arn:aws:iam::XXXXXXXX:role/XXXXXXXX-group-role
        username: system:node:{{EC2PrivateDNSName}}
      - groups:
        - eks-console-dashboard-full-access-group
        - system:masters   # <<--- is it ok to add this group here ??
        rolearn: arn:aws:iam::MYACCOUNT:role/AWSReservedSSO_AdministratorAccess_XXXXXXXX
        username: AWSReservedSSO_AdministratorAccess_XXXXXXXX
Then I try kubectl get svc and I get:
E0207 16:37:31.292453 45292 memcache.go:238] couldn't get current server API group list: Get "https://XXXXXXXXXXXXXX.sk1.eu-west-1.eks.amazonaws.com/api?timeout=32s": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
What does that error mean? Is it a rights problem? A networking problem? (The security groups allow my IP.)
Thanks for your help.
system:masters question: yes, it should be fine, although there's no reason to be in both groups since system:masters is, AFAIK, as high as it gets in k8s RBAC authorities.
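
An added example (not from the original question or answer): a small audit of a mapRoles block laid out like the one in the question, listing the IAM roles mapped to system:masters together with the other groups on the same mapping, which the answer describes as unnecessary. The account ID, role names, and the helper names parse_map_roles and audit are constructed for illustration.

```python
# Added example: audit an aws-auth mapRoles block for system:masters mappings.
# Minimal parser for this list layout only, not a general YAML parser; sample values are constructed.

SAMPLE_MAP_ROLES = """\
- groups:
  - system:bootstrappers
  - system:nodes
  rolearn: arn:aws:iam::111122223333:role/example-group-role
  username: system:node:{{EC2PrivateDNSName}}
- groups:
  - eks-console-dashboard-full-access-group
  - system:masters
  rolearn: arn:aws:iam::111122223333:role/AWSReservedSSO_AdministratorAccess_example
  username: AWSReservedSSO_AdministratorAccess_example
"""

def parse_map_roles(text):
    """Return a list of {'rolearn', 'username', 'groups'} dicts."""
    entries, base = [], None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()        # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        body = line.strip()
        if body.startswith("- "):
            base = indent if base is None else base
            if indent > base:                     # nested list item: a group name
                entries[-1]["groups"].append(body[2:].strip())
                continue
            entries.append({"groups": []})        # item at base indent: new mapping
            body = body[2:].strip()
        key, _, value = body.partition(":")
        if key != "groups" and entries:
            entries[-1][key.strip()] = value.strip()
    return entries

def audit(entries):
    """Flag mappings that grant system:masters, with the other groups listed beside it."""
    findings = []
    for e in entries:
        if "system:masters" in e["groups"]:
            extra = [g for g in e["groups"] if g != "system:masters"]
            findings.append((e.get("rolearn"), extra))
    return findings

if __name__ == "__main__":
    for arn, extra in audit(parse_map_roles(SAMPLE_MAP_ROLES)):
        print(f"system:masters granted to {arn}; other groups on this mapping: {extra}")
```

To run it against a live cluster, feed it the mapRoles text from kubectl -n kube-system get configmap aws-auth -o yaml.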