I keep forgetting this, so here is a note. The `aws-auth` ConfigMap in `kube-system` is what maps IAM roles and users to Kubernetes users and groups on EKS; anything placed in `system:masters` here gets cluster-admin regardless of RBAC, so the entries below are the ones to keep an eye on.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - groups:
        - system:bootstrappers
        - system:nodes
      rolearn: arn:aws:iam::XXXXXXXXXX:role/eksctl-ekshandson-nodegroup-ng-27-NodeInstanceRole-4U12PRS80UJH
      username: system:node:{{EC2PrivateDNSName}}
    - rolearn: arn:aws:iam::XXXXXXXXXX:role/Admin
      username: Admin:{{SessionName}}
      groups:
        - system:masters
  mapUsers: |
    - userarn: arn:aws:iam::XXXXXXXXXX:user/sotosugi
      username: sotosugi
      groups:
        - system:masters
```
To add an IAM role mapping with eksctl instead of editing the ConfigMap by hand, do the following.
```bash
CLUSTER_NAME="hogehoge"
USER_NAME="Admin:{{SessionName}}"
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
ROLE_ARN="arn:aws:iam::${AWS_ACCOUNT_ID}:role/Admin"
eksctl create iamidentitymapping \
  --cluster "${CLUSTER_NAME}" \
  --arn "${ROLE_ARN}" \
  --username "${USER_NAME}" \
  --group system:masters
```
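Because every mapping in `system:masters` is cluster-admin, it is worth auditing `aws-auth` (for example the output of `kubectl -n kube-system get configmap aws-auth -o yaml`) for exactly those entries. The following is an added example, not code from the original memo or from eksctl. It uses only the Python standard library: the small parser handles the restricted YAML subset that `mapRoles` and `mapUsers` actually use (a list of flat mappings whose only nested value is the `groups` list), so it runs offline without PyYAML. The embedded ConfigMap is a constructed sample modelled on the one above, with a placeholder account id.

```python
"""Audit an EKS aws-auth ConfigMap for mappings that grant system:masters.

Added example, not from the original memo. Standard library only; the parser
below covers just the aws-auth subset of YAML (list items of scalar keys plus a
nested 'groups' sequence), not YAML in general.
"""
import re

ADMIN_GROUP = "system:masters"

# Constructed sample, modelled on the memo's ConfigMap; 111122223333 is a placeholder account id.
SAMPLE_AWS_AUTH = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - groups:
        - system:bootstrappers
        - system:nodes
      rolearn: arn:aws:iam::111122223333:role/eksctl-ekshandson-nodegroup-ng-27-NodeInstanceRole-EXAMPLE
      username: system:node:{{EC2PrivateDNSName}}
    - rolearn: arn:aws:iam::111122223333:role/Admin
      username: Admin:{{SessionName}}
      groups:
        - system:masters
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/sotosugi
      username: sotosugi
      groups:
        - system:masters
"""


def extract_block_scalar(text, key):
    """Return the dedented body of the `key: |` block scalar, or "" if absent."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)" + re.escape(key) + r":\s*\|", line)
        if not m:
            continue
        indent = len(m.group(1))
        body = []
        for nxt in lines[i + 1:]:
            if nxt.strip() == "":
                body.append("")
                continue
            # The scalar ends at the first line indented no deeper than the key.
            if len(nxt) - len(nxt.lstrip(" ")) <= indent:
                break
            body.append(nxt)
        nonempty = [l for l in body if l.strip()]
        if not nonempty:
            return ""
        pad = min(len(l) - len(l.lstrip(" ")) for l in nonempty)
        return "\n".join(l[pad:] for l in body)
    return ""


def parse_mapping_list(block):
    """Parse '- key: value' items whose only nested value is a 'groups' list."""
    items = []
    current = None
    in_groups = False
    for raw in block.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw.startswith("- "):
            # A dash at column 0 starts a new mapping entry.
            current = {"groups": []}
            items.append(current)
            in_groups = False
            line = line[2:].strip()
        elif line.startswith("- ") and in_groups:
            # An indented dash is a member of the current 'groups' sequence.
            current["groups"].append(line[2:].strip())
            continue
        if ":" in line and current is not None:
            # partition() splits at the first colon, so ARNs keep their own colons.
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key == "groups":
                in_groups = True
            else:
                in_groups = False
                current[key] = value
    return items


def find_cluster_admins(configmap_text):
    """Return (section, arn, username) for every entry placed in system:masters."""
    findings = []
    for section, arn_field in (("mapRoles", "rolearn"), ("mapUsers", "userarn")):
        for entry in parse_mapping_list(extract_block_scalar(configmap_text, section)):
            if ADMIN_GROUP in entry["groups"]:
                findings.append((section, entry.get(arn_field, ""), entry.get("username", "")))
    return findings


if __name__ == "__main__":
    for section, arn, username in find_cluster_admins(SAMPLE_AWS_AUTH):
        print(f"{section}: {arn} -> {username} is in {ADMIN_GROUP}")
```

Feed it the live ConfigMap instead of the sample and review each line it prints: a long-lived IAM user in `system:masters`, as in the `mapUsers` entry, is usually the first thing to replace with a role mapping. Also note that the node role entry with `system:bootstrappers` and `system:nodes` must stay intact, since a bad edit to `aws-auth` can prevent nodes from joining the cluster.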