-
Notifications
You must be signed in to change notification settings - Fork 317
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EKS] [aws-auth]: Allow customer to rollback aws-auth configmap when update the configuration wrong #1209
Comments
Tell us about your request Which service(s) is this request for? Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? Are you currently working around this issue? Additional context |
The role that created the EKS cluster will always have admin access back into the EKS cluster. You may have broken all other role's access but you should be able to go back in as that role and reapply aws-auth.(solution for now) |
@GnatorX Yes, I knew that the role that created the EKS cluster will always have admin access back into the EKS cluster. So one way to avoid such issue is that don't allow user to add the creator role into aws-auth file ? thanks in advance. |
Totally agree just wanted to add it for people who ran into this and are looking for a solution. |
This will be solved by #185, which is an EKS API replacement for the aws-auth config map |
Not true |
We had to call AWS support to get this fixed! which is a bummer as we can't do anything ourselves. |
I made a mistake and updated my cluster with the following configmap while I was trying to test why nodes previously arent getting READY , so I lost access to the cluster, then I used the same role below to access the cluster again but I lost my system:masters permissions ! I can't get do kubectl get configmaps , is there a way to regain access ?
|
Addressed with #185 |
Community Note
The text was updated successfully, but these errors were encountered: