Thanks for the hints, and finally I also made it work.
If you also have access denied like us, you could try my steps.
- edit your IAM role that you created for gitlab as a provision role as below:
Webber Hounien Lin
Author
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::gitlab-awsaccountID:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "4cef7117b099djdjkldl;kdkjleu0831cf9"
        }
      }
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::myawsaccountID:user/devop-users"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
- run this command: aws eks update-kubeconfig --name EKS-CLUSTER-NAME --region us-east-1 --role-arn arn:aws:iam::AWS-ACCOUNT-ID:role/PROVISION_ROLE
  change the values of AWS-ACCOUNT-ID and PROVISION_ROLE
- run this command to find the cluster name (optional): kubectl config get-clusters
- kubectl config use-context YOUR-EKS-CLUSTER
  change the value of YOUR-EKS-CLUSTER
- kubectl get svc
Hope my solution also works for you!
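
As an added example (not part of the original post): a small Python check that lists which AWS principals a trust policy like the one above allows to call sts:AssumeRole, and whether cross-account ones are bound to an sts:ExternalId condition. The function names, the 12-digit account IDs and the external ID value are assumptions made up for illustration.

```python
import json

# Constructed sample mirroring the post's trust policy; all IDs are placeholders.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}},
    {"Sid": "", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:user/devop-users"},
     "Action": "sts:AssumeRole"}
  ]
}""")

def as_list(value):
    """IAM accepts either a single string or a list for Action and Principal."""
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy, own_account):
    """Return one finding per AWS principal allowed to call sts:AssumeRole."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not (
                {"sts:assumerole", "sts:*", "*"} & set(actions)):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        # Condition keys are case-insensitive; look for sts:ExternalId in any operator.
        has_ext_id = any("sts:externalid" in (k.lower() for k in keys)
                         for keys in stmt.get("Condition", {}).values())
        for arn in arns:
            parts = arn.split(":")
            # A bare 12-digit account ID is also a valid AWS principal.
            account = parts[4] if len(parts) > 5 else arn
            note = "ok"
            if arn == "*":
                note = "wildcard principal: not limited to a named account or identity"
            elif account != own_account and not has_ext_id:
                note = "cross-account principal without sts:ExternalId condition"
            findings.append({"principal": arn, "account": account,
                             "external": account != own_account,
                             "external_id": has_ext_id, "note": note})
    return findings

if __name__ == "__main__":
    for finding in review_trust_policy(TRUST_POLICY, own_account="222222222222"):
        print(finding)
```

The policy to review can be exported with `aws iam get-role --role-name PROVISION_ROLE --query Role.AssumeRolePolicyDocument` and loaded in place of the constructed sample.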