...
b. To add an IAM role: add the role details to the mapRoles section of the ConfigMap under data. Use the section below if it is not present in the file:
Code Block |
---|
# Note: system:masters gives the mapped role unrestricted (cluster-admin) access.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: <CLOUDAWARE_ROLE_ARN>
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:masters |
...
2. If you would like to grant Cloudaware read-only access by creating a ClusterRole and a ClusterRoleBinding in Kubernetes, run the following command:
Code Block |
---|
kubectl create -f cloudaware-rbac.yaml |
Use the section below as the content of cloudaware-rbac.yaml:
Code Block |
---|
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudaware-reader
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware-binding
subjects:
  - kind: User
    name: cloudaware
    namespace: default
    apiGroup: ""
roleRef:
  kind: ClusterRole
  name: cloudaware-reader
  apiGroup: "" |
ClusterRole cloudaware-reader grants read access to all resources within the cluster. ClusterRoleBinding cloudaware-binding maps the aforementioned cluster role to the Cloudaware user.
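To see what "read access to all resources" covers in practice, the following added example (not Cloudaware's code) evaluates the cloudaware-reader rules offline with Kubernetes RBAC rule matching; with the wildcard rule, read access extends to Secrets and pod logs, while write verbs stay denied. The `NARROWED` rule set and the probe list are constructed for comparison and are assumptions, since the page does not state which resources Cloudaware needs.

```python
# Added example, not Cloudaware's code: offline check of what a set of RBAC rules
# permits, following Kubernetes rule matching (resourceNames, nonResourceURLs omitted).
READ = ["get", "watch", "list"]
# Rules of the page's cloudaware-reader ClusterRole.
CLOUDAWARE_READER = [{"apiGroups": ["*"], "resources": ["*"], "verbs": READ}]

# Hypothetical narrower rules, constructed for comparison only; the page does
# not state which resources Cloudaware needs.
NARROWED = [
    {"apiGroups": [""], "resources": ["pods", "nodes", "services"], "verbs": READ},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": READ},
]

# Constructed probe requests: (verb, apiGroup, resource, subresource).
PROBES = [
    ("get", "", "secrets", ""),             # Secret values
    ("get", "", "pods", "log"),             # container logs
    ("list", "", "pods", ""),               # inventory read
    ("delete", "apps", "deployments", ""),  # write, expected to be denied
    ("create", "rbac.authorization.k8s.io", "clusterrolebindings", ""),
]

def rule_allows(rule, verb, group, resource, subresource=""):
    """True if a single RBAC rule permits the request."""
    combined = f"{resource}/{subresource}" if subresource else resource
    verb_ok = any(v in ("*", verb) for v in rule.get("verbs", []))
    group_ok = any(g in ("*", group) for g in rule.get("apiGroups", []))
    # "*" matches every resource; "*/log" matches that subresource of any resource.
    res_ok = any(
        r in ("*", combined) or (bool(subresource) and r == f"*/{subresource}")
        for r in rule.get("resources", [])
    )
    return verb_ok and group_ok and res_ok

def allowed(rules, verb, group, resource, subresource=""):
    """RBAC is additive: the request passes if any rule allows it."""
    return any(rule_allows(r, verb, group, resource, subresource) for r in rules)

def audit(rules):
    """Map each probe, written 'verb group/resource[/sub]', to True (allowed) or False."""
    return {
        f"{v} {g or 'core'}/{r}{'/' + s if s else ''}": allowed(rules, v, g, r, s)
        for v, g, r, s in PROBES
    }

if __name__ == "__main__":
    for name, rules in (("cloudaware-reader", CLOUDAWARE_READER), ("narrowed", NARROWED)):
        for probe, ok in audit(rules).items():
            print(f"{name:18} {probe:55} {'ALLOW' if ok else 'deny'}")
```

On a live cluster, the same questions can be asked of the API server with `kubectl auth can-i <verb> <resource> --as <user>`.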
...