Unable to authenticate with AWS while integrating GitLab with EKS

Time: 2020-08-30 06:57:32

Tags: amazon-web-services kubernetes gitlab amazon-eks gitlab-ce

Trying to integrate GitLab 13.3.2 CE (deployed on a local server) with EKS.

First I provided the Account ID, Access Key and Secret Key. (Admin Area -> Settings -> Integrations) Also Enabled EKS Integration.

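Second, I created an IAM role in the respective account using the policy mentioned in the specified link. (https://docs.gitlab.com/ce/user/project/clusters/add_eks_clusters.html) Carefully followed all the steps mentioned in this link.

Policy attached to the AWS IAM role,

Following are the steps for creating the IAM role,

  1. Logged in to the IAM console
  2. Clicked the "Roles" section in the left-hand menu.
  3. Selected "Another AWS account" as the type of trusted entity
  4. Filled in the Account ID
  5. Provided the External ID mentioned in the Kubernetes console of the GitLab project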

Clicked on the Respective Project, Operations -> Kubernetes -> Add Kubernetes Cluster -> Create New Cluster on Amazon EKS

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:CreateAutoScalingGroup",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DescribeScalingActivities",
                "autoscaling:UpdateAutoScalingGroup",
                "autoscaling:CreateLaunchConfiguration",
                "autoscaling:DescribeLaunchConfigurations",
                "cloudformation:CreateStack",
                "cloudformation:DescribeStacks",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:CreateSecurityGroup",
                "ec2:createTags",
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeRegions",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "eks:CreateCluster",
                "eks:DescribeCluster",
                "iam:AddRoleToInstanceProfile",
                "iam:AttachRolePolicy",
                "iam:CreateRole",
                "iam:CreateInstanceProfile",
                "iam:CreateServiceLinkedRole",
                "iam:GetRole",
                "iam:ListRoles",
                "iam:PassRole",
                "ssm:GetParameters"
            ],
            "Resource": "*"
        }
    ]
}

After this, I copied the ARN of the newly created role and used it in the Kubernetes section of my project.

Got this as the response: Error: Request failed with status code 422

Response after clicking on "Authenticate with AWS"

1 answer:

Answer 0 (score: 1)

Attach this policy to the user whose Access Key and Secret Key were used when enabling EKS in GitLab.

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::<<account-id>>:role/gitlab-eks-4"
    }
}

This gives the user the privilege to assume the gitlab-eks role (which was created, and whose ARN was given, during the EKS integration).
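An added example, not part of the original question or answer: a simplified offline check of the two policies that must both allow `sts:AssumeRole` when a role's trust policy names the account root, which is why the user needed the policy above. The account ID, external ID, trust policy shape and all function names are assumptions constructed for illustration; only the role name `gitlab-eks-4` comes from the answer.

```python
import fnmatch

ACCOUNT = "111122223333"  # constructed placeholder account ID
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/gitlab-eks-4"  # role name from the answer
EXTERNAL_ID = "constructed-external-id"  # stands in for the value GitLab displays

# Assumed trust policy: the shape the console writes for "Another AWS account".
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}
USER_POLICY = {  # identity policy from the answer, attached to the GitLab user
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN},
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def identity_allows(policy, action, resource):
    """Simplified check: an Allow statement covers action and resource (no Deny)."""
    for st in _as_list(policy.get("Statement", [])):
        acts = any(fnmatch.fnmatch(action.lower(), a.lower()) for a in _as_list(st.get("Action", [])))
        ress = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st.get("Resource", [])))
        if st.get("Effect") == "Allow" and acts and ress:
            return True
    return False

def trust_allows(policy, account_id, external_id):
    """True if the role trusts the account root and the external ID matches."""
    for st in _as_list(policy.get("Statement", [])):
        p = st.get("Principal", {})
        principals = _as_list(p.get("AWS", [])) if isinstance(p, dict) else []
        wanted = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if (st.get("Effect") == "Allow" and "sts:AssumeRole" in _as_list(st.get("Action", []))
                and {f"arn:aws:iam::{account_id}:root", account_id} & set(principals)
                and wanted in (None, external_id)):
            return True
    return False

def can_assume(user_policies, trust_policy, role_arn, account_id, external_id):
    """With trust delegated to the account root, both policies must allow the call."""
    user_ok = any(identity_allows(p, "sts:AssumeRole", role_arn) for p in user_policies)
    return user_ok and trust_allows(trust_policy, account_id, external_id)
```

Calling `can_assume([], TRUST_POLICY, ROLE_ARN, ACCOUNT, EXTERNAL_ID)` models the question's setup, where the user has no identity policy for the role, and returns `False`; passing `[USER_POLICY]` returns `True`.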