eksuser

eksuser is a convenience utility that you can use to manage Amazon EKS users.

It allows you to add, update and delete existing IAM users to EKS. It also allows you to add/delete users of an existing IAM group to EKS.

Prerequisites

An Amazon EKS cluster is installed and running
aws-cli is configured
kubectl and aws-iam-authenticator are configured
Existing kubernetes groups that have access

You can create a Role/ClusterRole and then create a binding to the group:

dev-role1.yaml - A Role that gives rights to everything in namespace app1

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-developer
  namespace: app1
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-developer
  namespace: app1
subjects:
- kind: Group
  name: super-developer
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: super-developer
  apiGroup: rbac.authorization.k8s.io

$ kubectl apply -f dev-role1.yaml

admin-cluster-role1.yaml - A ClusterRole that gives super privileges on cluster

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-admin
rules:
- apiGroups: [ "*" ]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ["*"]
  verbs: ["*"]

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-admin
subjects:
- kind: Group
  name: super-admin
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: super-admin
  apiGroup: rbac.authorization.k8s.io

$ kubectl apply -f admin-cluster-role1.yaml

Now to add an existing IAM user to EKS:

$ eksuser add --user=prabhat --group=super-admin
$ eksuser add --user=prabhat --group=super-admin,super-developer

To provide an IAM user admin rights on cluster:

$ eksuser add --user=prabhat --group=system:masters

To update an existing IAM user to EKS:

$ eksuser update --user=prabhat --group=super-developer

To delete an existing IAM user to EKS:

$ eksuser delete --user=prabhat

Remember that it does not delete the IAM user from AWS IAM, just the IAM user entry from EKS.

To add all users of an AWS IAM group to EKS:

$ eksuser add --iamgroup=admin --group=system:masters

To delete all users of an AWS IAM group from EKS:

$ eksuser delete --iamgroup=admin

Generate kubeconfig file

On user's machine who has been added to EKS, they can configure .kube/config file using the following command:

$ aws eks update-kubeconfig --name cluster_name

Installation

Download binaries from releases page and place the binary in PATH

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.vscode		.vscode
cmd		cmd
pkg		pkg
vendor		vendor
.gitignore		.gitignore
Gopkg.lock		Gopkg.lock
Gopkg.toml		Gopkg.toml
LICENSE		LICENSE
README.md		README.md
admin-cluster-role1.yaml		admin-cluster-role1.yaml
build.sh		build.sh
dev-role-1.yaml		dev-role-1.yaml
install.sh		install.sh
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

eksuser

Prerequisites

Generate kubeconfig file

Installation

About

Uh oh!

Releases 4

Packages

Languages

License

prabhatsharma/eksuser

Folders and files

Latest commit

History

Repository files navigation

eksuser

Prerequisites

Generate kubeconfig file

Installation

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 4

Packages 0

Languages

Packages