1 Answer
- Newest
- Most votes
- Most comments
0
Hi, EKS cluster authenticate nodes to join the cluster using aws-iam-authenticator. You can check the configuration of aws-iam-authenticator
by checking aws-auth
ConfigMap
.
$ kubectl get configmap aws-auth -n kube-system
apiVersion: v1
kind: ConfigMap
metadata:
name: aws-auth
namespace: kube-system
data:
mapRoles: |
- rolearn: <ARN of instance role (not instance profile)>
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
You should check that the ARN of instance profile attached to your nodes is listed on the mapRoles
.
Check the detail from the documentation.
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
this is what I get back.
Georges-MacBook-Pro.local:/Users/george/Desktop/ProjectsCommon/iamzanet > kubectl get configmap aws-auth -n kube-system NAME DATA AGE aws-auth 1 23h
so #1 why would this initially have worked and now suddenly not, what changed #2 why would this not be configured by eksctl during cluster create, is something missing somewhere ? trying to understand... not just fix whats broken now, but rather understand why it is also broken.
Sorry, you can try with the command
kubectl get configmap aws-auth -n kube-system -o yaml
.I cannot answer to your additional questions because I don't exactly know what did you changed from the initial status.
:) I found the -o yaml tag about 5 min ago myself ;) I've copied my arm key into the yaml file and applied it, issue my nodes are staying NotReady though
arm=> arn.......