prabhatsharma / eksuser

License: Apache-2.0
Utility to manage Amazon EKS users

Programming Languages

go
shell

eksuser

eksuser is a convenience utility that you can use to manage Amazon EKS users.

It lets you add existing IAM users to EKS and update or delete their EKS entries. It can also add or delete all users of an existing IAM group.

Prerequisites

  1. An Amazon EKS cluster is installed and running
  2. aws-cli is configured
  3. kubectl and aws-iam-authenticator are configured
  4. Existing Kubernetes groups that have been granted access

You can create a Role/ClusterRole and then create a binding to the group:

dev-role1.yaml - A Role that gives rights to everything in namespace app1

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-developer
  namespace: app1
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-developer
  namespace: app1
subjects:
- kind: Group
  name: super-developer
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: super-developer
  apiGroup: rbac.authorization.k8s.io

$ kubectl apply -f dev-role1.yaml

admin-cluster-role1.yaml - A ClusterRole that gives super privileges on the cluster

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-admin
rules:
- apiGroups: [ "*" ]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ["*"]
  verbs: ["*"]

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-admin
subjects:
- kind: Group
  name: super-admin
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: super-admin
  apiGroup: rbac.authorization.k8s.io

$ kubectl apply -f admin-cluster-role1.yaml

Now to add an existing IAM user to EKS:

$ eksuser add --user=prabhat --group=super-admin
$ eksuser add --user=prabhat --group=super-admin,super-developer

To give an IAM user admin rights on the cluster:

$ eksuser add --user=prabhat --group=system:masters

To update an existing IAM user in EKS:

$ eksuser update --user=prabhat --group=super-developer

To delete an existing IAM user from EKS:

$ eksuser delete --user=prabhat

Remember that this does not delete the IAM user from AWS IAM; it only removes the IAM user's entry from EKS.

To add all users of an AWS IAM group to EKS:

$ eksuser add --iamgroup=admin --group=system:masters

To delete all users of an AWS IAM group from EKS:

$ eksuser delete --iamgroup=admin
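
The add commands above can place a single user, or every member of an IAM group, in system:masters. As an added example (not part of the eksuser project), the shell function below audits who holds that group. It assumes the mappings live in the mapUsers key of the aws-auth ConfigMap in kube-system, which this page does not state; the function name masters_users and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list usernames that a mapUsers document maps to system:masters.
# Assumption: mappings live in the aws-auth ConfigMap (kube-system), key mapUsers.

# Constructed sample input (account ID and users are made up).
SAMPLE_MAPUSERS='- userarn: arn:aws:iam::111122223333:user/prabhat
  username: prabhat
  groups:
    - system:masters
- userarn: arn:aws:iam::111122223333:user/alice
  username: alice
  groups:
    - super-developer
    - system:masters-audit
- userarn: arn:aws:iam::111122223333:user/carol
  username: "carol"
  groups: ["super-admin", "system:masters"]'

# Reads mapUsers YAML on stdin, prints one username per line.
masters_users() {
  awk '
    function emit() { if (name != "" && hit) print name; name = ""; hit = 0 }
    # A new list entry starts with "- key:" ("- system:masters" has no space after the colon).
    /^[ \t]*-[ \t]+[A-Za-z]+:([ \t]|$)/ { emit() }
    /username:/ {
      v = $0; sub(/.*username:[ \t]*/, "", v); gsub(/[" \t]/, "", v); name = v
    }
    # Match system:masters only as a whole group name, not as a prefix.
    /(^|[^A-Za-z0-9:_-])system:masters([^A-Za-z0-9:_-]|$)/ { hit = 1 }
    END { emit() }
  '
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE_MAPUSERS" | masters_users

# Against a live cluster:
#   kubectl -n kube-system get configmap aws-auth -o jsonpath='{.data.mapUsers}' | masters_users
```

Running the audit after each eksuser add with --iamgroup shows exactly which IAM users gained cluster-wide admin, since group membership in IAM at the time of the command determines the result.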

Generate kubeconfig file

A user who has been added to EKS can configure the .kube/config file on their machine using the following command:

$ aws eks update-kubeconfig --name cluster_name

Installation

Download the binary from the releases page and place it in your PATH.
