Last active
July 31, 2023 09:59
-
-
Save robincher/28c83bbae2bb9752b84a72bf1d8b7600 to your computer and use it in GitHub Desktop.
Patching aws-auth for EKS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export AWS_ACCOUNT_ID=$1 | |
| export AWS_INSTANCE_ROLE=$2 | |
| export EKS_CLUSTER_NAME=$3 | |
| if [ -z "$AWS_ACCOUNT_ID" ] | |
| then | |
| echo -n "AWS Account Number: " | |
| read AWS_ACCOUNT_ID | |
| else | |
| echo "AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID" | |
| fi | |
| if [ -z "$AWS_INSTANCE_ROLE" ] | |
| then | |
| echo -n "Instance Role: " | |
| read AWS_INSTANCE_ROLE | |
| else | |
| echo "Instance Role: $AWS_INSTANCE_ROLE" | |
| fi | |
| if [ -z "$EKS_CLUSTER_NAME" ] | |
| then | |
| echo -n "EKS Cluster Name: " | |
| read EKS_CLUSTER_NAME | |
| else | |
| echo "EKS Cluster: $EKS_CLUSTER_NAME" | |
| fi | |
| ROLE=" - rolearn: arn:aws:iam::${AWS_ACCOUNT_ID}:role/${AWS_INSTANCE_ROLE}\n username: bastion-kubectl-user\n groups:\n - system:masters" | |
| kubectl get -n kube-system configmap/aws-auth -o yaml | awk "/mapRoles: \|/{print;print \"$ROLE\";next}1" > /tmp/aws-auth-patch.yml | |
| kubectl patch configmap/aws-auth -n kube-system --patch "$(cat /tmp/aws-auth-patch.yml)" | |
| # Create kubeconfig based on attached instance role that have added into EKS Cluster RBAC | |
| aws eks --region ap-southeast1 --name $EKS_CLUSTER_NAME |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment