Configure CLI to access Kubernetes (EKS) cluster

How to setup CLI to access the K8S cluster

• Ensure aws cli and kubectl both are installed
• Run aws configure and provide the credentials of the user
• Update the kube config using the command

$ aws eks --region ap-south-1 update-kubeconfig --name CLUSTER_NAME
Updated context arn:aws:eks: ....  in /home/ubuntu/.kube/config        

• Verify by running the kubectl command

$ kubectl get pods -A
NAMESPACE     NAME                    READY   STATUS    RESTARTS AGE
kube-system   coredns-6b8f7fdc6c-kgtwn 0/1     Pending   0       26m        

• If the above command fails ensure you have provided the correct credentials and the user has access to the cluster. Refer #Notes section for more details

Notes

• When an EKS cluster is created, the user who created that cluster becomes the cluster creator and by default only the cluster creator can access the cluster
• However a cluster creator can provide access to other IAM users using the aws-auth map. This can be done using the below command

$ eksctl create iamidentitymapping \
--cluster CLUSTER_NAME \
--arn arn:aws:iam::ACCOUNT_ID:role/IAM_ROLE_NAME \
--username IAM_USERNAME \
--group system:masters

2023-11-25 06:39:55 [ℹ]  checking arn arn:aws:iam::... against entries in the auth ConfigMap
2023-11-25 06:39:55 [ℹ]  adding identity "arn:aws:iam::..." to auth ConfigMap        

verify

$ kubectl describe configmap aws-auth -n kube-system        

# OR
$ eksctl get iamidentitymapping --cluster CLUSTER_NAME