Info

This article explains how to grant Cloudaware access to Amazon EKS Cluster resources so that it can discover EKS resources automatically.

Cloudaware supports the following options for configuring access to EKS:

Full Access

1. Ensure that the AWS credentials that kubectl is using are already authorized for your cluster (the IAM user that created the cluster has the required permissions by default).

...

groups - a list of Kubernetes groups to which the role is mapped (doesn't require changes). Check Default Roles and Role Bindings for more information.

Read-Only Access

2. If you would like to grant Cloudaware read-only access by creating a ClusterRole and ClusterRoleBinding in Kubernetes:

2.1. Create cloudaware-rbac.yaml using the section below:

...

The ClusterRole cloudaware-reader grants read access to all resources within the cluster. The ClusterRoleBinding cloudaware-binding binds that cluster role to the Cloudaware user.

2.2. Run the following command:

Code Block
kubectl create -f cloudaware-rbac.yaml

2.3. To map IAM users and roles to Kubernetes users in the EKS cluster, define them in the aws-auth ConfigMap, which should exist after your cluster is created. To add an IAM role to the cluster, modify this ConfigMap by adding the respective ARN and Kubernetes username value to the mapRoles property as an array item. To perform the modification, run the following command:

...

Make sure not to remove the existing mappings in the mapRoles and/or mapUsers sections. You only need to append a role for Cloudaware.
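
One way to check the warning above after the edit, as an added example that is not part of the original Cloudaware article: save the mapRoles and mapUsers text before and after the change, then list every IAM ARN that was mapped before and is missing afterwards. The file names and function names are assumptions made for this example.

```shell
# Added example (not from the original article). Snapshot the mappings
# around the edit in step 2.3; the file names are assumptions:
#   kubectl -n kube-system get configmap aws-auth \
#     -o jsonpath='{.data.mapRoles}{"\n"}{.data.mapUsers}' > aws-auth.before.txt
#   ...edit the ConfigMap as described in step 2.3...
#   kubectl -n kube-system get configmap aws-auth \
#     -o jsonpath='{.data.mapRoles}{"\n"}{.data.mapUsers}' > aws-auth.after.txt

# Print every rolearn/userarn value found in a snapshot, one per line, sorted.
mapped_arns() {
  sed -n -E "s/^[[:space:]-]*(rolearn|userarn):[[:space:]]*[\"']?([^\"'[:space:]]+).*/\2/p" "$1" \
    | sort -u
}

# Print ARNs mapped in $1 (before) that are no longer mapped in $2 (after).
# Returns 0 when every earlier mapping survived the edit, 1 otherwise.
lost_mappings() {
  _after=$(mapped_arns "$2")
  _lost=$(mapped_arns "$1" | while IFS= read -r _arn; do
    printf '%s\n' "$_after" | grep -Fxq -- "$_arn" || printf '%s\n' "$_arn"
  done)
  if [ -z "$_lost" ]; then
    return 0
  fi
  printf '%s\n' "$_lost"
  return 1
}

# Return 0 only if ARN $1 is mapped in snapshot $2, for example to confirm
# that the Cloudaware role was actually appended.
has_mapping() {
  mapped_arns "$2" | grep -Fxq -- "$1"
}
```

If lost_mappings prints anything, restore the listed entries before closing the change; a dropped node role or administrator mapping removes that principal's access to the cluster.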

Further Configuration

Note

If your Amazon EKS Cluster is running in a private network, see this guide to install the Cloudaware Breeze agent for a secure connection.

...