How to add a user to aws-auth config map in Kubernetes?
Instructions
To add a user to the aws-auth ConfigMap in Kubernetes using Pulumi in TypeScript, we will follow these steps:
- Setup Pulumi Project: Initialize a new Pulumi project and set up the necessary AWS and Kubernetes providers.
- Retrieve the aws-auth ConfigMap: Use the Kubernetes provider to get the existing aws-auth ConfigMap from the kube-system namespace.
- Modify the ConfigMap: Add the new user to the mapUsers section of the ConfigMap’s data.
- Apply the Changes: Update the ConfigMap with the modified data.
- Deploy the Changes: Use Pulumi to deploy the changes to the Kubernetes cluster.
Key services involved in this solution include:
- Pulumi: For managing infrastructure as code.
- AWS: The cloud provider where the Kubernetes cluster is running.
- Kubernetes: The container orchestration platform where the aws-auth ConfigMap is managed.
Let’s proceed with the detailed steps and code implementation.
Code Example
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as k8s from "@pulumi/kubernetes";
import * as yaml from "js-yaml"; // parses the existing mapUsers value, which is stored as YAML text

// Create an EKS cluster (the role ARN and subnet IDs are placeholders)
const cluster = new aws.eks.Cluster("my-cluster", {
    roleArn: "arn:aws:iam::123456789012:role/EKSClusterRole",
    vpcConfig: {
        subnetIds: ["subnet-12345678", "subnet-87654321"],
    },
});

// Create a Kubernetes provider
const k8sProvider = new k8s.Provider("k8sProvider", {
    // Server-side apply is required by the ConfigMapPatch resource used below
    enableServerSideApply: true,
    kubeconfig: pulumi.all([cluster.endpoint, cluster.certificateAuthority, cluster.name]).apply(([endpoint, cert, name]) =>
        `{
            "apiVersion": "v1",
            "clusters": [{
                "cluster": {
                    "server": "${endpoint}",
                    "certificate-authority-data": "${cert.data}"
                },
                "name": "${name}"
            }],
            "contexts": [{
                "context": {
                    "cluster": "${name}",
                    "user": "aws"
                },
                "name": "${name}"
            }],
            "current-context": "${name}",
            "kind": "Config",
            "users": [{
                "name": "aws",
                "user": {
                    "exec": {
                        "apiVersion": "client.authentication.k8s.io/v1beta1",
                        "command": "aws-iam-authenticator",
                        "args": ["token", "-i", "${name}"],
                        "env": [{"name": "AWS_PROFILE", "value": "default"}]
                    }
                }
            }]
        }`
    ),
});

// Retrieve the existing aws-auth ConfigMap
const awsAuthConfigMap = k8s.core.v1.ConfigMap.get("awsAuthConfigMap", "kube-system/aws-auth", { provider: k8sProvider });

// Define the new user to be added.
// system:masters grants unrestricted cluster-admin access; map the user to a
// narrower RBAC-bound group unless full admin rights are really intended.
const newUser = {
    userarn: "arn:aws:iam::123456789012:user/new-user",
    username: "new-user",
    groups: ["system:masters"],
};

// Append the new user to the existing mapUsers entries instead of replacing them
const mapUsers = awsAuthConfigMap.data.apply(data => {
    const existing = (yaml.load(data?.mapUsers ?? "[]") as any[]) ?? [];
    // Drop any earlier entry for the same ARN so repeated deployments stay idempotent
    const others = existing.filter(u => u.userarn !== newUser.userarn);
    return yaml.dump([...others, newUser]);
});

// Update the ConfigMap with the new user.
// A patch changes only mapUsers on the existing object; mapRoles (which the
// worker nodes depend on) and the other keys are left untouched.
new k8s.core.v1.ConfigMapPatch("updatedAwsAuthConfigMap", {
    metadata: { name: "aws-auth", namespace: "kube-system" },
    data: { mapUsers },
}, { provider: k8sProvider });
```
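The "Modify the ConfigMap" step is where an access mistake becomes cluster-wide, so it helps to validate the entry before it is written. The following is an added example, not part of the original page or of Pulumi's code: the `addMapUser` helper, the `MapUser` type, the `readonly-viewers` group and all sample values are assumptions made for illustration.

```typescript
// Shape of one mapUsers entry, as used on this page.
interface MapUser {
    userarn: string;
    username: string;
    groups: string[];
}

// IAM user ARN in any AWS partition (aws, aws-cn, aws-us-gov), with an optional path.
const IAM_USER_ARN = /^arn:aws(-[a-z]+)*:iam::\d{12}:user\/[\w+=,.@\/-]+$/;
// Groups that grant unrestricted cluster access.
const PRIVILEGED_GROUPS = ["system:masters"];

// Returns a new mapUsers list containing `user`, or throws if the entry is unsafe.
function addMapUser(existing: MapUser[], user: MapUser, allowPrivileged = false): MapUser[] {
    if (!IAM_USER_ARN.test(user.userarn)) {
        throw new Error(`not an IAM user ARN: ${user.userarn}`);
    }
    const privileged = user.groups.filter(g => PRIVILEGED_GROUPS.indexOf(g) !== -1);
    if (privileged.length > 0 && !allowPrivileged) {
        throw new Error(`${user.username} requests ${privileged.join(", ")}; pass allowPrivileged to confirm`);
    }
    // Drop any previous entry for the same ARN so repeated runs do not duplicate it.
    const others = existing.filter(u => u.userarn !== user.userarn);
    // Two ARNs sharing one Kubernetes username are indistinguishable in RBAC and audit logs.
    const clash = others.filter(u => u.username === user.username)[0];
    if (clash) {
        throw new Error(`username ${user.username} is already mapped to ${clash.userarn}`);
    }
    return others.concat([user]);
}

// Constructed sample: the mapUsers list as it might exist before the change.
const existingUsers: MapUser[] = [
    { userarn: "arn:aws:iam::123456789012:user/ops-admin", username: "ops-admin", groups: ["system:masters"] },
];
const viewer: MapUser = {
    userarn: "arn:aws:iam::123456789012:user/new-user",
    username: "new-user",
    groups: ["readonly-viewers"], // hypothetical group bound to a read-only ClusterRole
};
console.log(JSON.stringify(addMapUser(existingUsers, viewer), null, 2));
```

The returned array can be serialized and used as the new mapUsers value; the group still needs a matching RoleBinding or ClusterRoleBinding in the cluster to carry any permissions.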