Install kubectl and aws-iam-authenticator


We need kubectl to access a Kubernetes cluster; for an Amazon EKS cluster we also need aws-iam-authenticator.

In EKS, authentication happens through AWS IAM using aws-iam-authenticator, and authorization happens through RBAC.

Install kubectl

Install the kubectl binary with curl on Linux.

$ curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.14.7/bin/linux/amd64/kubectl
$ chmod +x ./kubectl
$ sudo mv ./kubectl /usr/local/bin/kubectl
$ kubectl version --client

Install aws-iam-authenticator

aws-iam-authenticator is used to authenticate API calls through IAM.

The following steps install aws-iam-authenticator:

$ curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.15.10/2020-02-22/bin/linux/amd64/aws-iam-authenticator
$ chmod +x ./aws-iam-authenticator
$ mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
$ echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
$ aws-iam-authenticator help
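
Neither download above is checked before it is made executable and placed on the PATH. The following is an added example, not part of the original post: a helper that compares a downloaded binary with a SHA-256 checksum file before installation. The name verify_sha256 is hypothetical, and the example assumes the publisher serves a .sha256 file next to the binary.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded binary against its SHA-256 checksum file
# before running chmod +x or moving it onto PATH.

# verify_sha256 FILE CHECKSUM_FILE
# CHECKSUM_FILE may hold a bare hex digest or "digest  filename".
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_sha256() {
    local file="$1" sumfile="$2" expected actual
    [ -f "$file" ] && [ -f "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # First whitespace-separated field of the first line, lower-cased.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")

    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # (for example an HTML error page saved in place of the checksum).
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# Usage (assumption: a checksum file is published beside the binary):
#   curl -o aws-iam-authenticator.sha256 <binary-url>.sha256
#   verify_sha256 aws-iam-authenticator aws-iam-authenticator.sha256 \
#       && chmod +x ./aws-iam-authenticator
```

The checksum only helps if it is fetched over HTTPS from the publisher; it detects a corrupted or swapped file, not a compromised publisher.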

Now run kubectl get all --all-namespaces to list all resources in the EKS cluster.

NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
default       pod/hello-world-5fcdb6bc85-7hzj2   1/1     Running   0          7d11h
kube-system   pod/aws-node-b76r9                 1/1     Running   0          7d13h
kube-system   pod/aws-node-lv5ff                 1/1     Running   0          7d13h
kube-system   pod/aws-node-nn9zz                 1/1     Running   0          7d13h
kube-system   pod/coredns-74dd858ddc-p78b7       1/1     Running   0          8d
kube-system   pod/coredns-74dd858ddc-tch9t       1/1     Running   0          8d
kube-system   pod/kube-proxy-ghxlb               1/1     Running   0          7d13h
kube-system   pod/kube-proxy-s2bm5               1/1     Running   0          7d13h
kube-system   pod/kube-proxy-xtj4t               1/1     Running   0          7d13h

NAMESPACE     NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
default       service/kubernetes   ClusterIP   172.20.0.1    <none>        443/TCP         8d
kube-system   service/kube-dns     ClusterIP   172.20.0.10   <none>        53/UDP,53/TCP   8d

NAMESPACE     NAME                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
kube-system   daemonset.apps/aws-node     3         3         3       3            3           <none>          8d
kube-system   daemonset.apps/kube-proxy   3         3         3       3            3           <none>          8d

NAMESPACE     NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
default       deployment.apps/hello-world   1/1     1            1           7d11h
kube-system   deployment.apps/coredns       2/2     2            2           8d

NAMESPACE     NAME                                     DESIRED   CURRENT   READY   AGE
default       replicaset.apps/hello-world-5fcdb6bc85   1         1         1       7d11h
kube-system   replicaset.apps/coredns-74dd858ddc       2         2         2       8d

Troubleshooting

If you get this error:

error: You must be logged in to the server (Unauthorized)

then set your IAM user’s keys and try again:

export AWS_ACCESS_KEY_ID=XXXXXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXX
export AWS_PROFILE=terraform-operator

List worker nodes

Run the command below to get the node list.

$ kubectl get nodes

Getting an error?

Error from server (Forbidden): nodes is forbidden: User "operator1" cannot list resource "nodes" in API group "" at the cluster scope

Let's see in the next article how to get the node list.
