iam身份验证以及访问控制
介绍 (Introduction)
Elastic Kubernetes Service (EKS) is the fully managed Kubernetes service from AWS. It is deeply integrated with many AWS services, such as AWS Identity and Access Management (IAM) (for authentication to the cluster), Amazon CloudWatch (for logging), Auto Scaling Groups (for scaling worker nodes), and Amazon Virtual Private Cloud (VPC) (for networking). Many companies trust Amazon EKS to run their containerized workloads.
Elastic Kubernetes服务(EKS)是AWS的完全托管的Kubernetes服务。 它与许多AWS服务深度集成,例如AWS Identity and Access Management(IAM)(用于对集群进行身份验证),Amazon CloudWatch(用于日志记录),Auto Scaling Groups(用于扩展工作节点)和Amazon Virtual Private Cloud( VPC)(用于联网)。 许多公司信任Amazon EKS来运行其容器化工作负载。
EKS uses IAM to provide authentication to your Kubernetes cluster (via the aws eks get-token
command, or the AWS IAM Authenticator for Kubernetes). For authorization it relies on native Kubernetes Role Based Access Control (RBAC). IAM is used for authentication to your EKS Cluster. And you can manage the permissions for interacting with your cluster’s Kubernetes API through the native Kubernetes RBAC system.
EKS使用IAM为您的Kubernetes集群提供身份验证(通过aws eks get-token
eks aws eks get-token
命令或适用于Kubernetes的AWS IAM Authenticator )。 对于授权,它依赖于本地Kubernetes基于角色的访问控制(RBAC) 。 IAM用于对EKS群集进行身份验证。 而且,您可以通过本地Kubernetes RBAC系统管理与群集的Kubernetes API交互的权限。
如何创建IAM用户 (How to create an IAM User)
Go to your AWS Console where you will find the IAM service listed under the “Security, Identity & Compliance” group. Inside the IAM dashboard click on the Users tab and click the “Add User” button.
转到您的AWS控制台 ,您将在其中找到“安全性,身份和合规性”组下列出的IAM服务 。 在IAM仪表板内,单击“用户”选项卡,然后单击“添加用户”按钮。
Create a new user and allow the user programmatic access by clicking on the "Programmatic access" checkbox. You do not need any particular permission for your user to access EKS. You can go ahead without selecting any permission.
创建一个新用户,并通过单击“程序访问”复选框来允许该用户以