Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/prabhatsharma/eksuser
Utility to manage Amazon EKS users
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/prabhatsharma/eksuser
- Owner: prabhatsharma
- License: apache-2.0
- Created: 2018-11-12T15:32:05.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2019-06-30T13:04:50.000Z (over 5 years ago)
- Last Synced: 2024-05-23T07:03:09.245Z (8 months ago)
- Language: Go
- Homepage:
- Size: 4.51 MB
- Stars: 35
- Watchers: 3
- Forks: 7
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-containerized-security - eksuser
README
# eksuser
eksuser is a convenience utility that you can use to manage Amazon EKS users.
It allows you to add, update and delete existing IAM users to EKS. It also allows you to add/delete users of an existing IAM group to EKS.
## Prerequisites
1. An Amazon EKS cluster is installed and running
2. aws-cli is configured
3. kubectl and aws-iam-authenticator are configured
4. Existing kubernetes groups that have access

You can create a Role/ClusterRole and then create a binding to the group:

dev-role1.yaml - A Role that gives rights to everything in namespace app1

```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-developer
  namespace: app1
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-developer
  namespace: app1
subjects:
- kind: Group
  name: super-developer
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: super-developer
  apiGroup: rbac.authorization.k8s.io
```

```shell
$ kubectl apply -f dev-role1.yaml
```

admin-cluster-role1.yaml - A ClusterRole that gives super privileges on cluster

```yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-admin
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ["*"]
  verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: super-admin
subjects:
- kind: Group
  name: super-admin
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: super-admin
  apiGroup: rbac.authorization.k8s.io
```

```shell
$ kubectl apply -f admin-cluster-role1.yaml
```

Now to add an existing IAM user to EKS:

```shell
$ eksuser add --user=prabhat --group=super-admin
$ eksuser add --user=prabhat --group=super-admin,super-developer
```

To provide an IAM user admin rights on cluster:

```shell
$ eksuser add --user=prabhat --group=system:masters
```

To update an existing IAM user in EKS:

```shell
$ eksuser update --user=prabhat --group=super-developer
```

To delete an existing IAM user from EKS:

```shell
$ eksuser delete --user=prabhat
```

Remember that it does not delete the IAM user from AWS IAM, just the IAM user entry from EKS.

To add all users of an AWS IAM group to EKS:

```shell
$ eksuser add --iamgroup=admin --group=system:masters
```

To delete all users of an AWS IAM group from EKS:

```shell
$ eksuser delete --iamgroup=admin
```

## Generate kubeconfig file

A user who has been added to EKS can configure the .kube/config file on their own machine using the following command:

```shell
$ aws eks update-kubeconfig --name cluster_name
```

# Installation

Download a binary from the [releases page](https://github.com/prabhatsharma/eksuser/releases/) and place it in your PATH.
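
Before mapping IAM users into a Kubernetes group with `eksuser add`, it is worth confirming how far that group's wildcard rights reach. The script below is an added example, not part of eksuser or its README: it uses `kubectl auth can-i` with impersonation to classify a group as `namespaced`, `wider` or `none`. The function names, the placeholder user `rbac-check` and the probe namespace `default` are assumptions, and the caller needs permission to impersonate users and groups.

```shell
#!/bin/sh
# Added example (not from the eksuser project): check the reach of a
# Kubernetes group before mapping IAM users into it.
# Usage: sh rbac-scope.sh GROUP NAMESPACE [PROBE_NAMESPACE]

# can_group GROUP NAMESPACE VERB RESOURCE -> prints yes, no or error
can_group() {
    # "rbac-check" is a placeholder user; kubectl requires --as whenever
    # --as-group is given, and only the group membership matters here.
    answer=$(kubectl auth can-i "$3" "$4" --as=rbac-check \
        --as-group="$1" -n "$2" 2>/dev/null) || true
    case "$answer" in
        yes)  echo yes ;;
        no*)  echo no ;;      # kubectl may print "no - <reason>"
        *)    echo error ;;   # no answer at all: cluster or auth problem
    esac
}

# group_scope GROUP NAMESPACE PROBE_NAMESPACE
# Compares wildcard access inside NAMESPACE with access in a namespace
# the group is not expected to reach.
#   namespaced: all verbs on all resources in NAMESPACE only
#   wider:      wildcard access in PROBE_NAMESPACE as well
#   none:       no wildcard access in NAMESPACE
#   error:      kubectl gave no usable answer
group_scope() {
    inside=$(can_group "$1" "$2" '*' '*')
    outside=$(can_group "$1" "$3" '*' '*')
    if [ "$inside" = error ] || [ "$outside" = error ]; then
        echo error
    elif [ "$outside" = yes ]; then
        echo wider
    elif [ "$inside" = yes ]; then
        echo namespaced
    else
        echo none
    fi
}

# Run only when called with arguments, for example:
#   sh rbac-scope.sh super-developer app1
if [ "$#" -ge 2 ]; then
    echo "$1: $(group_scope "$1" "$2" "${3:-default}")"
fi
```

With the manifests above applied, `super-developer` checked against `app1` should report `namespaced`, while `super-admin` and `system:masters` report `wider`.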