AWS EKS Cluster Configuration
Guide for configuring AWS EKS for Hava
Unfortunately, AWS IAM does not support giving a role or user access to the EKS clusters from the parent account, so a config change has to be added to each cluster. This guide steps you through setting up a ClusterRole with the appropriate access, binding it to a Kubernetes group, and connecting it to an AWS role for access using AWS IAM.
In this guide we use eksctl to apply changes to the aws-auth config map. You can also make the change directly if you don't have eksctl installed. See for more information about modifying aws-auth
First we will create a new read-only cluster role and bind it to a group called hava-ro, which we will use later.
The YAML manifest below sets up the role and the binding. Download it and apply it to your Kubernetes cluster using kubectl:
kubectl apply -f <file name>
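As an added illustration of what such a manifest contains (this is not Hava's published file), a read-only ClusterRole bound to the hava-ro group could look like the following. The object name hava-ro-example and the resource list are assumptions; secrets are deliberately left out so the role cannot read secret values.

```yaml
# Illustrative only: the name hava-ro-example and the resource list are
# assumptions, not Hava's published manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hava-ro-example
rules:
  # Core API group: topology and workload objects, read verbs only.
  # "secrets" is intentionally omitted.
  - apiGroups: [""]
    resources: ["namespaces", "nodes", "pods", "services", "endpoints",
                "persistentvolumes", "persistentvolumeclaims"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: hava-ro-example
subjects:
  # Must match the --group value passed to eksctl create iamidentitymapping.
  - kind: Group
    name: hava-ro
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: hava-ro-example
  apiGroup: rbac.authorization.k8s.io
```

With only this example role bound to the group, `kubectl auth can-i list pods --as hava-ro --as-group hava-ro` should answer `yes`, while `kubectl auth can-i get secrets --as hava-ro --as-group hava-ro` should answer `no`.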
Next we will use eksctl to update the aws-auth config map to allow your role used for cross account access to the cluster.
Make sure you are logged in as an AWS user that has access to the cluster, and run the following command:
eksctl create iamidentitymapping --cluster <cluster name> --region=<region name> --arn <cross account role arn> --group hava-ro --username hava-ro
Replace:
<cluster name> with the name of the cluster you are updating
<cross account role arn> with the ARN of the role you provide to Hava to import your data
<region name> with the name of the region the cluster is in
The last thing to do is to trigger the synchronization for the source in the Hava UI, to import your Kubernetes information and draw a container diagram for your EKS cluster.