Kubernetes on AWS (EKS) uses the aws-auth ConfigMap to apply permissions.
Example aws-auth config.yaml file:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  # IAM roles mapped to a Kubernetes username and groups
  mapRoles: |
    - rolearn: arn:aws:iam::xxxxxxxxxxx:role/eks-cluster-instance-profile
      username: eks-cluster-instance-profile
      groups:
        - system:masters
  # IAM users mapped to a Kubernetes username and groups
  mapUsers: |
    - userarn: arn:aws:iam::xxxxxxxxxxx:user/nym0101
      username: nym0101
      groups:
        - system:masters
```
After applying the aws-auth ConfigMap, you must also create a role binding for the role to take effect.
Example role-binding.yaml:
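```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # A default ClusterRoleBinding with this name already exists (it binds the
  # system:masters group); applying this manifest modifies that built-in
  # binding. Use a distinct name to leave it untouched.
  name: cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  # User subjects are not namespaced, so they carry no namespace field.
  # The names must match the usernames set in aws-auth.
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: nym0101
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: eks-cluster-instance-profile
```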
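
The two manifests above form a chain: aws-auth maps an IAM ARN to a username and groups, and the binding grants a ClusterRole to that username. The following is an added example, not code from the original post, that cross-checks the two and reports admin-level mappings, misspelled `system:` groups, and bindings whose user has no aws-auth mapping. The parser covers only the simple list-of-maps layout shown above; `KNOWN_SYSTEM_GROUPS`, `BINDINGS`, and the `old-admin` user are assumptions made for the example.

```python
import re

# Constructed sample input (not from a real cluster): mapRoles/mapUsers text shaped
# like the page's example with one misspelled group, plus (user, ClusterRole) pairs.
MAP_ROLES = """\
- rolearn: arn:aws:iam::xxxxxxxxxxx:role/eks-cluster-instance-profile
  username: eks-cluster-instance-profile
  groups:
    - system:master
"""
MAP_USERS = """\
- userarn: arn:aws:iam::xxxxxxxxxxx:user/nym0101
  username: nym0101
  groups:
    - system:masters
"""
BINDINGS = [("nym0101", "cluster-admin"), ("old-admin", "cluster-admin")]
# Assumption: system: groups this check recognizes; extend for your cluster.
KNOWN_SYSTEM_GROUPS = {"system:masters", "system:nodes", "system:bootstrappers"}
KEY = re.compile(r"^(-\s+)?(\w+):(?:\s+(.*))?$")

def parse_mappings(text):
    """Parse the list-of-maps YAML subset used by mapRoles/mapUsers."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        match = KEY.match(line)
        if match:
            dash, key, value = match.groups()
            if dash or not entries:              # "- key:" starts a new mapping
                entries.append({"groups": []})
            if key != "groups":
                entries[-1][key] = (value or "").strip("\"'")
        elif line.startswith("- ") and entries:  # item of the groups list
            entries[-1]["groups"].append(line[2:].strip("\"' "))
    return entries

def audit(map_roles, map_users, bindings):
    """Return (subject, finding) pairs for mappings and bindings to review."""
    entries = parse_mappings(map_roles) + parse_mappings(map_users)
    findings = []
    for e in entries:
        arn = e.get("rolearn") or e.get("userarn")
        for g in e["groups"]:
            if g == "system:masters":
                findings.append((arn, "cluster-admin via system:masters"))
            elif g.startswith("system:") and g not in KNOWN_SYSTEM_GROUPS:
                findings.append((arn, f"unrecognized group {g}"))
    mapped = {e.get("username") for e in entries}
    findings += [(u, f"bound to {r} but not mapped in aws-auth") for u, r in bindings if u not in mapped]
    return findings
```

On a live cluster, the two strings would come from the `mapRoles` and `mapUsers` keys of the aws-auth ConfigMap and the pairs from the User subjects of each ClusterRoleBinding.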