aws-iam-authenticator未经授权

时间:2019-02-18 18:11:51

标签: kubernetes kops amazon-eks

我正在kops kubernetes集群中的aws-iam-authenticator中设置角色映射。但是用户被拒绝访问。

从aws-iam-authenticator窗格中登录:

  

time =“ 2019-02-18T17:52:18Z” level = warning msg =“访问被拒绝” arn =“ arn:aws:iam :::: role / KubernetesView” client =“ 127.0.0.1:52256”错误=“未映射ARN:arn:aws:iam :::: role / kubernetesview” method = POST path = / authenticate

但是该角色已映射到配置映射中:

$kubectl describe configmaps  aws-iam-authenticator |grep -A 5 ^server:
server:
  mapRoles:
  - roleARN: arn:aws:iam::<account id redacted>:role/KubernetesView
    username: kubernetes-view:{{SessionName}}
    groups:
    - system:masters

实际错误消息:

  

$ kubectl get pods -n kube-system   错误:您必须登录到服务器(未经授权)

     

time =“ 2019-02-18T17:52:18Z” level = warning msg =“访问被拒绝” arn =“ arn:aws:iam :::: role / KubernetesView” client =“ 127.0.0.1:52256”错误=“未映射ARN:arn:aws:iam :::: role / kubernetesview” method = POST path = / authenticate 

$kubectl describe configmaps  aws-iam-authenticator |grep -A 5 ^server:
server:
  mapRoles:
  - roleARN: arn:aws:iam::<account id redacted>:role/KubernetesView
    username: kubernetes-view:{{SessionName}}
    groups:
    - system:masters
  

$ kubectl get pods -n kube-system   错误:您必须登录到服务器(未经授权)

0 个答案:

没有答案
相关问题
最新问题