LogoLogo
  • Welcome to Release
  • Getting started
    • Quickstart
    • Create an account
    • Prepare to use Release
    • Create an application
      • Create custom application
      • Create from template
      • Servers vs runnables
    • Create an environment
  • Guides and examples
    • Domains and DNS
      • Manage domains
      • DNS and nameservers
        • Configure GoDaddy
        • Configure Cloudflare
        • Configure Namecheap
        • Other DNS hosts
      • Routing traffic
    • Example applications
      • Full stack voting app
      • Flask and RDS counter app
      • Static site with Gatsby
      • Golang with Postgres and Nginx
      • WordPress with MySQL
      • Spring and PostgreSQL
      • Terraform and Flask
      • OpenTelemetry demo
      • Load balancer with hostname
      • Static JavaScript service
      • SSH bastion access to services
      • ngrok and OAuth for private tunnels
      • Using OAuth Proxy
      • Hybrid Docker and static site
      • App Imports: Connecting two applications
      • Example library
    • Running instances
      • Cron jobs
      • Jobs
      • Using Helm charts
      • Using terminal
      • Viewing logs
      • Troubleshooting
        • ImagePullBackoff error
        • CrashLoopBackoff error
        • Exit codes
        • OOM: out of memory
    • Advanced guides
      • Containers guide
      • Application guide
      • Kubernetes guide
      • Create a cluster
      • Upgrade a cluster
      • Managing node groups
      • Patch node groups
      • Hostnames and rules
      • Serve traffic on multiple ports
      • Configure access to your K8s cluster
      • Designing for multiple environments
      • Microservices architecture
      • Monitoring your clusters
      • Performance tuning
      • Visibility and monitoring
      • Working with data
        • Container-based data
        • Seeding and migration
        • Cloud-provided data
        • Golden images
        • Third party
      • Pausing Instant Datasets
        • Application pausing schedules
        • Pause/resume environments
      • Infrastructure as code
        • Terraform
  • Reference documentation
    • Account settings
      • Account info
      • Managing users
      • Build settings
        • Build arguments
        • Build SSH keys
      • Add integrations
      • View clusters and cloud integrations
      • Add datasets
      • Environment handles
    • Workflows in Release
      • Stages of workflows
      • Serial deployments
      • Parallel deployments
      • Rolling deployments
      • Rainbow deployments
    • Networking
      • Network architecture (AWS)
      • Network architecture (GCP)
      • Ingresses
      • IP addresses
      • Cloud-provided services
      • Third-party services
    • Release environment versioning
    • Application settings
      • Application Template
        • Schema definition
      • Default environment variables
      • GitHub
      • Pull requests
      • GitOps
      • Just-in-time file mounts
      • Primary App Link
      • Create application FAQ
      • App-level build arguments
      • Parameters
      • Workspaces
    • End-to-end testing
    • Environment settings
      • Environment configuration
      • Environment variables
        • Environment variable mappings
        • Secrets vaults
        • Using Secrets with GitOps
        • Kubernetes Secrets as environment variables
        • Managing legacy Release Secrets
    • Environment expiration
    • Environment presets
    • Instant datasets on AWS
    • Instant datasets on GCP
    • Instant dataset tasks
      • Tonic Cloud
      • Tonic On-Premise
    • Cloud resources
    • Static service deployment
    • Helm
      • Getting started
      • Version-controlled Helm charts
      • Open-source charts
      • Building Docker images
      • Ingress and networking
      • Configuration
    • GitOps
    • The .release.yaml file
    • Docker Compose conversion support
    • Reference examples
      • Adding and removing services
      • Managing service resources
      • Adding database containers to the Application Template
      • Stock Off-The-Shelf Examples
    • Release API
      • Account Authentication
      • Environments API
        • Create
        • Get
        • Setup
        • Patch
      • User Authentication
      • Environment Presets API
        • Get Environment Preset List
        • Get Environment Preset
        • Put Environment Preset
  • Background concepts
    • How Release works
  • Frequently asked questions
    • Release FAQ
    • AWS FAQ
    • Docker FAQ
    • JavaScript FAQ
  • Integrations
    • Integrations overview
      • Artifactory integration
      • Cloud integrations (AWS)
        • AWS guides
        • Grant access to AWS resources
        • AWS how to increase EIP quota
        • Control your EKS fleet with systems manager
        • Managing STS access
        • AWS Permissions Boundaries
        • Private ECR Repositories
        • Using an Existing AWS VPC
        • Using an Existing EKS Cluster
      • Docker Hub integration
      • LaunchDarkly integration
      • Private registries
      • Slack integration
      • Cloud integrations (GCP)
        • GCP Permissions Boundary
      • Datadog Agent
      • Doppler Secrets Manager
      • AWS Secrets Management
    • Source control integrations
      • GitHub
        • Pull request comments
        • Pull request labels
        • GitHub deployments
        • GitHub statuses
        • Remove GitHub integration
      • Bitbucket
      • GitLab
    • Monitoring and logging add-ons
      • Datadog
      • New Relic
      • ELK (Elasticsearch, Logstash, and Kibana)
  • Release Delivery
    • Create new customer integration
    • Delivery guide
    • Release to customer account access controls
    • Delivery FAQs
  • Release Instant Datasets
    • Introduction
    • Quickstart
    • Security
      • AWS Instant Dataset security
    • FAQ
    • API
  • CLI
    • Getting started
    • Installation
    • Configuration
    • CLI usage example
    • Remote development environments
    • Command reference
      • release accounts
        • release accounts list
        • release accounts select
      • release ai
        • release ai chat
        • release ai config-delete
        • release ai config-init
        • release ai config-select
        • release ai config-upsert
      • release apps
        • release apps list
        • release apps select
      • release auth
        • release auth login
        • release auth logout
      • release builds
        • release builds create
      • release clusters
        • release clusters exec
        • release clusters kubeconfig
        • release clusters shell
      • release datasets
        • release datasets list
        • release datasets refresh
      • release deploys
        • release deploys create
        • release deploys list
      • release development
        • release development logs
        • release development start
      • release environments
        • release environments config-get
        • release environments config-set
        • release environments create
        • release environments delete
        • release environments get
        • release environments list
        • release environments vars-get
      • release gitops
        • release gitops init
        • release gitops validate
      • release instances
        • release instances exec
        • release instances logs
        • release instances terminal
  • Release.ai
    • Release.ai Introduction
    • Getting Started
    • Release.ai Templates
    • Template Configuration Basics
    • Using GPU Resources
    • Custom Workflows
    • Fine Tuning LlamaX
    • Serving Inference
Powered by GitBook
On this page
  • Definitions
  • How to add an IAM user to your self-hosted EKS cluster
  • Prerequisites
  • Steps
  • Using the CLI
  • How to access the cluster
  • Prerequisites
  • Steps

Was this helpful?

  1. Guides and examples
  2. Advanced guides

Configure access to your K8s cluster

Learn how to create access controls and view your cluster using kubectl, K9s, and eksctl

PreviousServe traffic on multiple portsNextDesigning for multiple environments

Last updated 1 year ago

Was this helpful?

This document walks you through giving a user access to a Release EKS cluster, accessing the cluster, and viewing the cluster using K9s and kubectl.

Definitions

  • AWS: Amazon Web Services

  • IAM: Identity and Access Management

  • EKS: Elastic Kubernetes Service

  • ARN: Amazon Resource Name

How to add an IAM user to your self-hosted EKS cluster

Prerequisites

To add an IAM user to your cluster, you will need the following:

  • Administrator privileges to the EKS cluster.

  • The ARN for the user you're granting access to (looks like aws:arn:iam::ACCTID:user/USERNAME).

  • A kubeconfig file for the EKS cluster. If you do not have an existing kubeconfig file, generate one by following the steps in the section below.

We recommend you .

Steps

You can grant a user access to a cluster in two ways: Using the K9s visual editor or the command line.

Using the K9s visual editor

  1. Start up K9s and use the :namespace command to access the kube-system namespace as shown below:

  1. Use the :configmap command to access the aws_auth configuration:

  1. Find aws_auth and hit the e command to edit the file. Insert the user as shown below:

  1. Save the file and then verify the changes by using the d (describe) command to view the document that was applied.

Using the CLI

  1. Download the existing aws_auth configmap from the kube-system namespace.

  2. Edit the mapUsers field and add the user.

  3. Save the file.

  4. Apply the changes to the cluster.

  5. Verify the changes have been made.

How to access the cluster

Prerequisites

To access the cluster once you have been added to the configmap, you'll need:

  • Your AWS IAM credentials for the account where the EKS cluster is running.

  • The EKS cluster name and region.

Steps

Once you have been added to the cluster configmap and you have the prerequisites installed, you can gain access to the cluster to view status and logs, and to perform other tasks you have permissions for.

Create the kubeconfig file

Have your AWS credentials available in configuration files, in your environment variables, or in named profiles.

To generate your kubeconfig file, type the following where your eksctl binary is available and your AWS credentials are specified by default:

eksctl utils write-kubeconfig --cluster CLUSTERNAME --region REGION

K9s instructions

We recommend that you use the K9s interface for visualization and viewing logs and status. Administrating the cluster from the K9s interface is also possible. Here are a few use cases we’ve found useful.

View application namespaces

You can use the :namespaces command and filter with the /release search to list applications running from Release environments as shown below:

View pods for a Release environment

You can then either click on a namespace or type the :pods command to view the applications in the Release environment as shown below:

View logs for an application container in a Release environment

You can use the l (or logs) command to view what is happening in your application:

Access the container system (if available)

If you have sufficient privileges and configuration, use the s (or shell) command to enter the running container, if available:

Exit K9s

Use the familiar VI controls to :quit the K9s application:

CLI instructions

Use CLI commands to examine the state of the cluster, but we generally don't recommend using them to change settings or start or stop pods or services, as this should be handled by the Release website or CLI tool.

kubectl get namespaces

Remember that a namespace in Kubernetes maps to a Release environment.

kubectl get pods -n RELEASEENV

Remember that a pod in Kubernetes maps to a Release service in the environment.

kubectl get logs RELEASESERVICE

Copy and paste the section outlined in red above to create a new user. Be careful to edit the ARN correctly to allow the user to access the system. In this example, the users are administrators, but you can consult the to define default roles like viewers and ops users.

Follow the to complete the same procedure done visually above. The steps are the same:

Command line utility eksctl installed. You can follow these .

Command line utility kubectl installed. You can follow these .

We recommend you .

Follow the steps in the AWS . The eksctl binary respects the usual configuration directives that the AWS CLI uses. This document assumes the default credentials are available. If you wish to specify a set of credentials other than default, you will need to specify them appropriately.

Your credentials will authenticate you as a user or role in the account and region where the EKS cluster is available. You may have a user role configured in a different account and then assume a role in the EKS cluster account, or you may have a very complicated setup with or integrations, which is beyond the scope of this document.

You can find great in the Kubernetes documentation.

documentation for Kubernetes
AWS documentation
installation instructions
installation instructions
install K9s
configuration basics guide
OAuth
SAML
kubectl documentation
install K9s
create the kubeconfig file