My question: I have not any permission,why I can access K8s
[vagrant@localhost ~]$ kubectl get deployment --namespace=development
No resources found in development namespace.
Things below are my configuration.
$ cat ~/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <my certificate-authority-data>
server: https://2C1A77626A2087EBA1D1123EA9398DAF.gr7.ap-northeast-1.eks.amazonaws.com
name: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
contexts:
- context:
cluster: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
user: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
name: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
current-context: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
kind: Config
preferences: {}
users:
- name: arn:aws:eks:ap-northeast-1:056844949861:cluster/eksworkshop-eksctl
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- --region
- ap-northeast-1
- eks
- get-token
- --cluster-name
- eksworkshop-eksctl
- --role
- arn:aws:iam::056844949861:role/k8sDev
command: aws
Here are my role and, nothing in Permissions:
The reason you are able to access it is because the IAM user you are accessing the cluster is the same as the one used to create the cluster. The documenation states:
When you create an Amazon EKS cluster, the IAM entity user or role, such as a federated user that creates the cluster, is automatically granted system:masters permissions in the cluster's RBAC configuration.
In EKS, IAM users are used for authentication, but IAM roles do not control authorization. Authorization is still handled through the kubernetes RBAC system.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.